Worm  sparks  debate  MyDoom  outbreak  has 

companies  rethinking  whether  to  block  email  attachments.  PAGE  8. 


Extreme  move  Extreme  Networks  touts  a  LAN  switch 

it  says  will  move  switching  intelligence  to  the  edge.  PAGE  12. 
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SIP  rollouts  hit 
variety  of  snags 


■  BY  CAROLYN  DUFFY  MARSAN 

Commercial  VoIP  service  rollouts  are  taking  longer 
than  anticipated  as  early  adopters  of  Session  Initi¬ 
ation  Protocol  experience  unexpected  interoper¬ 
ability  problems  with  the  increasingly  important 
communications  mechanism. 

SIP  is  the  emerging  standard  for  setting  up  tele¬ 
phone  calls,  multimedia  conferencing,  instant  mes¬ 
saging  and  other  types  of  real-time  communications 
on  the  Internet.  An  array  of  network  gear  including 
IP  phones,  IP  PBXs,  servers,  media  gateways  and 
softswitches  support  SIP 

The  interoperability  problems  stem  from  vendors 
taking  different  approaches  to  SIP  features  such  as 
device  registration,  user  authentication  and  firewall 


traversal.  The  problems  range  from  failed  user 
logons  that  cause  systems  to  crash  to  annoyances 
such  as  difficulty  transferring  calls. 

Of  particular  concern  to  experts  is  that  some  ven¬ 
dors  have  not  followed  the  SIP  guidelines  for  fail¬ 
over  when  a  server  goes  down.  Companies  that  buy 
SIP  servers  without  the  correct  failover  mechanisms 
are  more  likely  to  experience  service  outages,  ex¬ 
perts  say. 

“This  is  the  natural  process  of  dealing  with  vendors 
that  have  not  been  compelled  to  interoperate  with 
each  other  in  the  past," says  Jon  Peterson,  a  co-author 
of  the  SIP  specification  and  one  of  the  directors  of 
the  Internet  Engineering  Task  Force’s  (IETF)  Trans¬ 
port  Area.'The  avant-garde  that  deploys  SIP  is  going 

See  SIP,  page  48 


EMC  blending  product  lines 

Storage  giant  advancing  ‘commonality’  of  Symmetrix,  Clariion  gear. 


■  BY  DENI  CONNOR 

Having  spent  much  of  the  past 
year  bolstering  its  software  portfo¬ 
lio,  EMC  will  return  to  its  bread 
and  butter  next  week  with  a  series 
of  storage  hardware  announce¬ 
ments  aimed  at  giving  customers 
greater  flexibility,  capacity  and 


performance. 

The  company  is  expected  to  an¬ 
nounce  Feb.  9: 

•  A  set  of  Symmetrix  storage 
arrays  called  the  DMX2,  which 
have  twice  as  many  drives  and 
processors  as  previous  DMXs  and 
promise  higher  performance. 

•  A  series  of  midrange  Clariion 


arrays  —  the  CX300,  CX500  and 
CX700  —  that  EMC  says  are  faster 
but  not  more  expensive  than  pre¬ 
vious  versions. 

•  New  replication,  back-up  and 
recovery  and  snapshot  capabili¬ 
ties  for  the  Clariions. 

•  One  of  the  first  implementa¬ 
tions  of  the  Storage  Management 
Initiative  Specification  (SMI-S),  a 
standard  for  managing  heteroge¬ 
neous  storage. 

With  these  announcements, 
EMC  is  aligning  the  release  of  its 
Symmetrix  products  with  its 
Clariion  arrays,  furthering  the 
ultimate  convergence  of  the  pro¬ 
duct  lines. 

“It  makes  perfect  sense  that  they 

See  EMC,  page  47 


A  Wider  Net 


Cell  tower  camouflage 
artists  just  want  to 
blend  in 


It’s  a  flagpole, 
it’s  a  palm  tree 
no,  it's  a  phone 
system. 

■  BY  DENISE  DUBIE 


teve  Meyer  knows  he’s 
done  his  job  right  when 
no  one  notices  his  work. 

That  is,  when  someone  pass¬ 
es  by  one  of  his  palm  trees  or 
cacti  without  realizing  they 
are  made  of  concrete  —  or 
that  they  are  cell  towers  or 


switches  in 
disguise. 

“My  biggest 
joy  in  cell  tower 
camouflage  is  that 
I  get  to  beautify  areas 
for  everyone  to  enjoy’ 
says  Meyer,  whose  firm. 
The  Larson  Co.,  also 
builds  faux  landscapes 
for  zoos  and  theme 
parks.  'No  one  needs  to 
know  that  beautiful 
landscape  has  anything 
See  Cell  towers,  page  16 
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SERVER  WIND 
UP  COSTING 
YOU  MORE? 


A  CIO  Insight  survey  of  IT  execs  revealed  this  startling  news:  42%  of  the  execs  polled  spent  an  average  of  29  cents  out 
of  every  IT  dollar  (!)  “maintaining  and  managing  excess  complexity.”1  Instead,  simplify.  That’s  what  the  on  demand  world 
demands.  You  can  do  it  with  IBM  eServer™  xSeries®  systems  powered  by  Intel®  Xeon™  processors.  Not  only  do  they  have 
built-in  self-management  features  that  can  help  improve  server  availability,  they’re  also  time-tested  and  reliable.  For  more 
information,  download  Why  X,  an  in-depth  guide  to  xSeries  systems  at  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer  xSeries  systems. 


Scale  1-16  way  with  select 

IBM  Director  systems 

Linux-ready  through 

Mainframe-inspired 

24/7/365  optional  onsite 

models.  Pay  as  you  grow. 

management. 

the  entire  line. 

technologies. 

hardware  support / 

@  server 


IBM  eServer  xSeries  systems  are  powered 
by  Intel  Xeon  processors.  (And  they  may  very 
well  cost  less  than  you  think.) 


CIO  Insight  a  Ziff  Davis  Media  publication,  January  2003  survey  of  almost  500  IT  executives.  'Additional  charges  apply.  Standard  support  includes  next  business  day  response  in  some  countries  IBM,  the  e-business 
logo.  eServer.  the  eServer  logo  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside  logo 
and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 

of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 
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STORAGE  LEGALLIABILITY 


Read  the  IT  chart.  You’ve  got  serious  problems. 

Porn  may  be  the  most  visible,  but  it’s  only  one  of  your  worries.  See  more  clearly  with  Websense  Enterprise’ 
the  most  comprehensive  solution  for  protecting  your  network  from  threats  that  appear  as  employee  computing  and 
the  Internet  converge.  You  don’t  have  to  rely  on  20/20  hindsight. 

For  a  free  white  paper  on  Emerging  Threats  in  Employee  Computing 
or  to  assess  your  risks  visit  www.websense.com/checkup. 
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On  again,  Off  again:  Savvy  companies  are  taking  a  mix-and-match  approach  to  offshore  outsourcing:  dividing  a 
project  into  various  components,  some  kept  onshore,  some  sent  to  offshore  workers.  Page  34. 
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Microsoft  pushes  security  on  two  fronts 

H  Microsoft  sought  to  advance  its  Trustworthy  Computing 
Initiative  last  week,  first  announcing  that  it  would  devote  more  of 
its  $6.8  billion  research  and  development  budget  to  address  secu¬ 
rity  and  then  revealing  changes  to  its  Internet  Explorer  browser 
that  are  designed  to  protect  consumers.  Speaking  in  Prague  at  the 
World  Economic  Forum,  Bill  Gates,  Microsoft’s  chief  software 
architect,  said  security  would  continue  to  be  the  company’s  top 
R&D  focus  for  years.  Later  in  the  week,  Microsoft  said  it  would 
release  an  update  to  its  browser  software.  The  update  would  dis¬ 
able  a  mechanism  that  lets  hackers  hide  code  in  Web  addresses 
that  can  direct  users  to  bogus  Web  sites.The  technique  typically  is 
used  in  scams  to  defraud  Web  surfers. The  company  did  not  say 
when  the  update  would  be  available,  but  security  experts  hailed 
the  move  and  said  it  would  make  Internet  use  more  secure. 

Ctrl+Alt+Delete  inventor  calls  it  quits 

■  Ctrl+Alt+Delete  inventor  David  Bradley  is  retiring  from  IBM  after  28  years.The  engi¬ 
neer,  one  of  12  who  created  the  IBM  PC,  needed  a  way  to  restart  the  computer  with¬ 
out  turning  it  off.  On  a  panel  with  Microsoft  founder  Bill  Gates  to  celebrate  the  birth 
of  the  IBM  PC,  Bradley  quipped, “I  may  have  invented  it, but  Bill  made  it  famous.” Gates 
didn’t  laugh. 

Big  Blue  merges  server,  semiconductor  groups 

■  IBM’s  server  and  semiconductor  groups  are  joining  forces  in  hopes  that  by  working 
together  the  two  will  help  each  other  improve  their  product  lines,  an  IBM  spokesman 
said. The  new  IBM  Technology  and  Systems  Group  is  a  combination  of  the  Technology 
Group  headed  by  John  Kelly, senior  vice  president  and  group  executive, and  the  Systems 
Group,  headed  by  William  Zeitler,  also  a  senior  vice  president  and  group  executive. The 
two  men  will  equally  share  responsibility  for  the  new  division,  overseeing  their  respec¬ 
tive  areas,  said  Chris  Andrews,  a  company  spokesman.  Kelly’s  group  designs,  manufac¬ 
tures  and  sells  processors  to  external  clients  and  IBM’s  server  group,  while  Zeitler’s  orga¬ 
nization  designs  and  develops  IBM’s  range  of  server  technology  from  mainframes  to 
blade  servers. 

Forecast  sees  growth  in  router  market 

SI  The  worldwide  router  market  will  increase  6%  over  the  next  five  years,  while  optical 
transport  and  mobility  infrastructure  won’t  see  significant  growth  until  2005, according 
to  Dell’Oro  Group.  In  a  set  of  five-year  forecasts,  Dell’Oro  said  the  router  market  will 
grow  from  $6.3  billion  in  2003  to  $8.6  billion  in  2008.The  second  half  of  2003  was  the 
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Yo,  anti-virus  vendors 

Could  you  kindly  shut  off  the  ‘'feature"  that  sends  out  warning  messages  to  people 
who've  allegedly  sent  virus-infected  messages  to  your  users?  Because  most  worms 
now  grab  random  addresses  for  the  "from”  field,  these  messages  do  little  except 

iilarm  the  innocent  and  annoy  the  rest  of  us.  Comment  at  www.nwfusion.com, 

DocFinder:  9540. 


www.nwfusion.com 


■  Tht GoodeBadellgly 


Social  creatures.  Internet  users  are  not  the  shut-ins  some  people 
would  have  you  believe.  Rather,  Internet  users  in  14  countries  were  found  to  spend 
more  or  as  much  time  as  non-users  in  social  activities,  according  to  the  UCLA 
World  Internet  Project. 

No,  they  weren't  to 
Monica.  E-mail  might  have  hit 
its  stride  during  Bill  Clinton’s  reign 
as  president,  but  don't  thank  him. 

According  to  Reuters,  Clinton  only 
sent  two  e-mails  during  his  presidency, 
one  to  astronaut  John  Glenn,  the 
other  simply  a  test  message. 

Clinton's  staff  sent  nearly  40  million 
messages  over  his  two  four-year 
terms.  All  of  the  messages  will  be  archived 
at  the  Clinton  presidential  library. 


®  Bookies  and  bandwidth.  Online  gambling  sites  were  prepping  for 
the  worst  —  in  terms  of  distributed  denial-of-service  attacks  —  this  past  weekend 
despite  the  fact  that  the  Super  Bowl  is  gambling's  biggest  sports-wagering  event 
of  the  year.  Gambling  site  operators  say  extortionists  squeeze  their  bandwidth  if  they 
don't  pay  protection  money.  "Everybody’s  scared,"  says  Ido  Raviv,  company  manager 
at  Netgames,  which  runs  an  online  sports  book  out  of  Belize. 


“turning  point”  for  the  market,  which  had  experienced  declining  sales  for  several  years, 
Dell’Oro  says.  Telecom  service  providers  and  businesses  are  planning  to  increase 
investment  in  their  router  networks  this  year,  and  Dell’Oro  expects  this  trend  to  con¬ 
tinue  for  the  next  five  years.  The  optical  transport  equipment  market  will  be  flat  this 
year,  after  years  of  decline,  and  will  return  to  sales  growth  in  2005,Dell’Oro  says.  Optical 
transport  equipment  sales  will  reach  $7.3  billion  by  2008,  the  firm  predicts,  from  $6.1 
billion  in  2003. 

Novell  makes  Massachusetts  official  headquarters 

■  Long  rumored,  Novell  is  officially  moving  its  headquarters  from  Provo,  Utah,  to 
Waltham,  Mass.,  the  home  of  much  of  its  executive  and  management  teams.  Novell, 
which  has  2,000  employees  in  Utah,  will  maintain  its  company  locations  in  that  state.  In 
recent  years,  Novell  has  acquired  three  Massachusetts  companies:  Cambridge 
Technology  Partners,  Ximian  and  Silverstream  Software.  The  company  once  had  large 
offices  in  San  Jose  and  Austin, Texas,  but  closed  those. 

Trademark  suit  targets  Google  technology 

■  A  distributor  of  window  blinds  and  wallpaper  has  filed  a  lawsuit  against  Google, say¬ 
ing  the  search  engine’s  keyword-based  advertising  violates  its  trademarks.  American 
Blind  &  Wallpaper  Factory,  based  in  Plymouth,  Mich.,  filed  the  trademark  lawsuit  in  the 
U.S.  District  Court  for  the  Southern  District  of  New  York.  Codefendants  in  the  lawsuit 
include  Netscape  and  Ask  Jeeves, sites  that  use  Google’s  search  engine.  American  Blind 
argues  that  Google,  by  selling  keyword-based  advertising  to  competing  retailers  when 
Google  users  search  on  “American  Blind”  or“American  Blinds”  is  violating  the  company’s 
trademark.  American  Blind  had  threatened  to  file  the  lawsuit  last  year. That  prompted 
Google,  in  a  filing  with  the  U.S.  District  Court  for  the  Northern  District  of  California  on 
Nov.  26,  to  argue  that  “American”  and  “Blind”  and  other  words  American  Blind  was  claim¬ 
ing  as  trademarks  are  descriptive  and  shouldn’t  enjoy  trademark  protection. 

Gateway  snaps  up  eMachines 

■  Gateway  plans  to  acquire  eMachines  for  about  $200  million  to  increase  its  shrinking 
PC  revenue  while  it  pursues  the  consumer  electronics  market,  the  companies 
announced  last  week.  The  deal  will  provide  Gateway  with  the  revenue  generated  by 
eMachines’  strength  among  consumers  in  retail  channels,  the  companies  said. 
EMachines  sells  low-cost  PCs  that  have  made  inroads  with  U.S.  consumers,  who  pur¬ 
chased  enough  PCs  from  the  company  to  lift  it  into  fourth  place  ahead  of  Gateway  in 
the  fourth  quarter,  according  to  1DC.  Gateway  Chairman  and  CEO  Ted  Waitt  will  give  up 
the  CEO  title  to  eMachines  CEO  Wayne  Inouye,  but  will  remain  as  chairman  and  will 
have  an  active  role  in  Gateway’s  future,  the  company  said. 


We  come  in  peace  to  rid  your  world 
of  costly,  complex  SANs. 


For  small,  medium  and  global  enterprises  that  demand  the  power  of  storage  networking  —  without 
the  cost  and  complexity  —  QLogic  is  the  company  behind  a  whole  new  generation  of  switches,  host 
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Debate  heats  up  over  e-mail  quarantine 


■  BY  ELLEN  MESSMER 


The  widespread  outbreak  last 
week  of  the  MyDoom  mass- 
mailer  worm,  which  tricked  end 
users  into  opening  infected  files, 
renewed  debate  over  whether 
companies  should  ban  or  at  least 
quarantine  e-mail  attachments  to 
safeguard  their  networks. 

Some  say  such  an  effort  isn’t 
practical,  but  others  already  do 
just  that  for  some,  if  not  all, 
attachments. 

“We  do  filter  out  .exe  and  other 
executables,”  says  Bob  Ciurylo, 
manager  of  IT  security  at  North¬ 
east  Utilities,  whose  10,000  em¬ 
ployees  get  a  combined  80,000  to 


i 


Feds  to  the 
rescue? 

A  division  of  the 
Department  of 
Homeland  Security 
last  week  announced  new 
threat-alert  services  to 
inform  IT  professionals 
and  the  public  of  computer 
viruses  and  other  such 
problems  as  they  arise. 

According  to  AmitYoran, 
director  of  the  National 
Cyber  Security  Division, 
the  National  Cyber  Alert 
System  has  two  basic  ser¬ 
vices,  both  free.  The  first 
is  called  Cyber  Security 
Bulletins,  which  are 
intended  for  IT  profession¬ 
als  as  bi-weekly  sum¬ 
maries  of  security  issues, 
new  vulnerabilities,  poten¬ 
tial  impact  and  actions  to 
mitigate  risk. Those  inter¬ 
ested  in  receiving  these 
bulletins  can  sign  up  at 
www.us-cert.gov. 

At  the  same  site,  you 
can  sign  up  for  Cyber 
Security  Alerts  about  new 
threats  requiring  rapid 
action.  One  form  of  the 
service  is  intended  for 
non-technical  users  and 
the  other  for  the  more 
technically  advanced.  The 
notifications  will  be  sent 
as  digitally  signed  e-mail 
so  hackers  can’t  fake  the 
cyber-security  alerts. 
Cyber-alert  information 
j  also  will  be  posted  at 
www.us-cert.gov. 

—  Ellen  Messmer 


100,000  e-mails  a  day  As  news  of 
MyDoom  surfaced, Northeast  Util¬ 
ities  told  employees  not  to  open 
any  unexpected  messages,  a 
move  Ciurylo  says  helped  mini¬ 
mize  damage.  For  those  employ¬ 
ees  really  needing  files  in  a  cer¬ 
tain  format,  the  company  uses  a 
less  risky  FTP-based  system. 

Chip  designer  Ubicom  blocks 
inbound  and  outbound  e-mail 
attachments  using  software  from 
Network  Associates. 

“We  don’t  want  to  take  the 
chance  on  a  [worm]  infestation,” 
says  Jim  Poehlman,  IT  director  at 
the  75-person  company  in 
Mountain  View,  Calif.  “We  don’t 
want  to  be  sending  viruses  out  to 
the  network  either.” 

As  of  Friday  the  initial  version  of 
MyDoom  (also  called  Novarg.A) 
had  infected  hundreds  of  thou¬ 
sands  of  Windows  desktops  in  its 
sweep  across  the  Internet  and 
showed  no  signs  of  slowing. 

After  fooling  users  into  opening 
infected  .exe,  .cmd  and  other  files, 
the  attachments  compromised 
machines  and  mailed  themselves 
off  again,  clogging  e-mail  servers 
at  large  companies  such  as 
Boeing  and  pushing  e-mail  trans¬ 
mission  on  the  ’Net  up  30%  dur¬ 
ing  the  worm’s  first  days. 

MyDoom,  already  rated  as  one 
of  the  worst  worms  in  history 
turned  computers  into  spam 
relays,  opened  doors  for  hackers 
and  created  platforms  set  to 
launch  denial-of-service  (DoS) 
attacks  against  The  SCO  Group  on 
Feb.  1.  SCO’s  Web  site  last  week 
was  intermittently  up  and  down, 
which  the  company  acknowl¬ 
edged  was  probably  a  result  of 
MyDoom-generated  DoS  attacks. 

A  second  variant,  which  anti¬ 
virus  firms  said  has  so  far  been 
less  successful  in  spreading, 
blocked  user  access  to  anti-virus 
Web  sites  and  is  scheduled  to 
launch  a  DoS  attack  on  Microsoft 
tomorrow. 

It  took  anti-virus  vendors  more 
than  an  hour  to  prepare  a  signa¬ 
ture  update  for  desktop  and  gate¬ 
ways  to  stop  the  two  versions,  and 
far  longer  to  prepare  tools  to  erad¬ 
icate  traces  of  it  from  desktops. 

Gartner  last  week  estimated 
cleaning  up  after  MyDoom  — 
and  the  Trojan  horses  it  leaves  be¬ 
hind  —  probably  will  cost  $250 
million  in  lost  productivity.  That’s 
five  times  the  estimated  cost  of 
last  year’s  SoBig  mass  mailer. 

Gartner  analyst  John  Pescatore 
lamented  that  efforts  to  educate 
end  users  over  the  past  decade 
not  to  open  suspect  attachments 


How  to  squish  worms 


© 


Teach  employees  to  be  wary  of  unexpected  attachments. 

Consider  filtering  out  executable  attachments  at  the  gateway. 

Quarantine  filtered  attachments  for  later  examination  or 
retrieval. 

When  possible,  block  network  ports  exploited  by  a  worm. 


•  Run  anti-virus  software  at  the  desktop  and  gateway  as  a  defense, 
but  recognize  that  cleaning  infected  machines  of  worm  back 
doors  requires  special  tools. 


«  Ban  and  block  peer-to-peer  file  sharing  unless  it  has  business 
value. 


•  Promote  use  of  digital  signing  to  assure  e-mail  authenticity. 


“have  a  very  low  return  on 
investment. ...  Six  weeks  after  any 
virus  incident,  users  are  back  to 
double-clicking  on  any  and  all 
attachments.” 

Pescatore  recommends  that 
companies  regularly  quarantine 
attachments  received  via  the  In¬ 
ternet  for  an  hour  or  so,  and  then 
letting  them  through  if  anti-virus 
alerts  aren’t  being  issued.  “The 
anti-virus  vendors  are  getting 
much  better  at  having  early  warn¬ 
ing  systems,”  he  says. 

Of  course  anti-virus  tools  can’t 
do  the  job  alone,  Pescatore  says. 
He  suggests  using  intrusion-pre¬ 
vention  systems  and  desktop  fire¬ 
walls  as  well. 

But  some  organizations  say 
proactive  blocking  of  e-mail  with 
executables  isn’t  practical. 

Consultancy  Itdojo,  for  instance, 
scans  but  does  not  block  mes¬ 
sages.  Colin  Weaver,  Itdojo’s  presi¬ 
dent,  says  some  of  the  company’s 
customer  contact  is  done  exclu¬ 
sively  by  e-mail  and  that  the  firm 


relies  on  .pdf,  .doc  and  other  file 
formats  for  things  such  as  receipts 
from  electronic  transactions. 

‘As  part  of  this  communication, 
we  regularly  exchange  e-mails 
containing  attachments,”  Weaver 
says.  “Most  of  our  invoicing  is 
done  via  e-mail  attachment.” 

Joe  Adams,  director  of  IT  for 
Converdyn,  a  marketing  agency 
for  uranium  and  nuclear  fuels  in 
Denver,  says  his  company  is  con¬ 
sidering  quarantining  e-mail 
attachments  for  two  hours  to  pre¬ 
vent  virus  outbreaks.  But  he 
notes  that  while  quarantining 
“from  the  techie  point  of  view 
sounds  great,”  to  upper  manage¬ 
ment  it  often  doesn’t  fly 

In  the  meantime,  Converdyn 
depends  on  educating  end  users 
about  the  dangers  of  attach¬ 
ments  —  and  last  week  he 
instructed  them  via  e-mail 
broadcast  to  delete  any  mes¬ 
sages  they  had  doubts  about  in 
advance  of  the  anti-virus  update 
for  MyDoom.  ■ 
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We  have  added  new  features  to  www.nwfusion.com,  and 

redesigned  the  site  to  make  it  easier  to  navigate  and  to  bet¬ 
ter  highlight  our  content. 

New  features  include  a  research  center  on  data  centers  where 
you  can  keep  abreast  of  developments  on  everything  from  grid 
computing  to  autonomic  servers  and  management  advances.  / 
We’ve  also  added  a  new  page  called  Layer  8  to  showcase  the  best 
of  Network  World  Fusion  —  the  exclusive  stories,  tools,  downloads, 
resources  and  information  you  need  —  as  well  as  upcoming  fea¬ 
tures  and  specials.  Updated  throughout  the  day,  Layer  8  also  will 
keep  you  up  to  date  on  happenings  in  entertainment,  sports  and  the 
world  at  large. 

To  simplify  navigation,  the  site  has  been  streamlined,  and  now 
has  more  home  page  entry  points  to  key  enterprise  network 
resources. 

Send  your  comments  to  Adam  Gaffin,  online  editor, 
agaffin@nww.com.  ■ 
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rs:  Lotus  pointed  in  right  direction 


•  3Y  JOHN  FONTANA 

ORLANDO  —  IBM  Lotus  users 
say  the  software  vendors  collabo¬ 
ration  strategy  appears  headed  in 
the  right  direction  but  that  there 
are  a  lot  of  gaps  to  fill  before  the 
company  can  succeed  at  inte¬ 
grating  the  Notes/Domino  plat¬ 
form  into  its  Lotus  Workplace  and 
WebSphere  lineup. 

Last  week,  attendees  at  the 
annual  Lotusphere  conference 
scrambled  to  discover  more 
about  future  Notes  clients,  the 
new  Lotus  Workplace  Client  Tech¬ 
nology  and  how  Notes  applica¬ 
tions  will  fare  on  IBM’s  portal- 
based  collaboration  platform. 
They  also  said  IBM/Lotus  will 
need  some  new  development 
tools,  although  none  were  an¬ 
nounced  at  the  conference. 

Attendees  said  there  were  a  lot 
of  loose  ends  at  Lotusphere  and 
that  the  gathering  lacked  its  usual 
“big  bang”  pronouncements 
about  future  products  and  in¬ 
stead  had  the  feel  of  a  staid  IBM 
business  meeting. 

“I  kept  waiting  for  the  other 


shoe  to  drop  at  the  opening  key¬ 
note,"  says  Scott  Wenzel,  a  Notes 
administrator  for  a  federal 
agency.  “Lotusphere  has  always 
been  about  raising  expectations 
and  they  have  not  done  that.” 

Instead  of  fireworks,  IBM/Lotus 
dissected  the  technologies  it  has 
been  talking  about  for  the  past  six 
to  12  months,  while  offering  only 
a  glimpse  of  the  future,  including 
Notes  7,  which  is  expected  to  ship 
next  year,  and  Notes  8,  which  will 
become  a  client-side  component 
inside  IBM’s  new  Workplace 
Client  Technology  unveiled  at 
Lotusphere. 

Notes/Domino  8  is  expected  to 
fully  integrate  the  client  and 
server  into  IBM’s  portal  strategy 
around  Lotus  Workplace,  which 
runs  on  WebSphere  and  DB2. 

The  Workplace  Client  Technol¬ 
ogy  is  a  browser-based  Java  client 
built  on  the  Eclipse  open  source 
framework  that  includes  a  small 
database  to  support  offline  data 
use.  The  Client  Technology  will 
run  on  the  desktop  and  the  Notes 
8  client  will  run  inside  it.  “It’s  not 
an  emulation  layer,  it’s  Notes 


The  IBM  Lotus  road  map 


IBM  Lotus  is  on  an  aggressive  path  to  evolve  the  traditional  Notes/Domino  platform  and  the 
new  Lotus  Workplace  lineup  of  collaborative  components  that  run  on  WebSphere  Portal  and 
the  DB2  database. 


January-March  2004 
Notes/Domino  6.5.1: 

Highlights:  Workplace  serves  as  front  end  and  Domino  as  back  end. 


October-Dec.  2004 
Lotus  Workplace  2.5: 

Highlight:  Mobile  support. 
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April-June  2004 
Lotus  Workplace  2.0: 

Highlights:  Document  management  component; 
Workplace  Builder,  Workplace  Client  Technology. 


inside  a  bigger  thing,”  says  Ed 
Brill,  who  examines  competing 
technologies  as  manager  of 
Lotus’  competitive  project  office. 
“It’s  the  same  Notes  code  carried 
forward  in  a  different  form.” 

The  intent  is  to  let  Notes  appli¬ 
cations  execute  within  a  browser 
using  the  Notes  8  client,  a  so- 
called  rich  client  that  can  store 
data  locally  and  run  applications 
offline.  But  IBM/Lotus  hasn’t  fig¬ 
ured  out  the  exact  technology  it 


IBM  adds  remote  management 


■  BY  DENISE  DUBIE 

IBM  last  week  unveiled  remote  management  ser¬ 
vices  designed  to  let  customers  adopt  utility  com¬ 
puting  in  their  data  centers  and  pay  for  the  services 
based  on  usage. 

The  on-demand  model,  dubbed  IBM’s  Strategic 
Outsourcing  Flexible  Support  Option, lets  customers 
keep  their  hardware,  applications  and  employees  in 
place,  while  IBM  handles  management,  computing 
capacity  and  network  and  storage  resources  via  an 
Internet  connection.  In  the  past,  IBM  would  support 
only  a  pay-for-use  model  if  customers  surrendered 
control  over  IT  assets  and  employees. 

Although  remote  management  isn’t  new,  IBM’s 
offers  to  manage  entire  data  centers  that  have  het¬ 
erogeneous  software  and  hardware  products  is,  says 
Doug  Chandler,  an  analyst  at  IDC. 

“In  most  cases,  remote  management  tends  to  be 
much  narrower,  involving  some  servers  or  a  network, 
and  it’s  typically  the  vendor  of  those  products  doing 
the  remote  management,”  he  says.“Here  IBM  is  offer¬ 
ing  to  provide  remote  management  of  a  data  center 
environment,  as  opposed  to  individual  devices.” 

This  outsourcing  scenario  uses  IBM’s  Universal 
Management  Infrastructure  (UMI),an  IT  framework 
the  company  rolled  out  last  year,  to  link  the  client’s 
data  center  with  the  IBM  remote  management  site. 
IBM  also  uses  UM1  to  fully  host  customer  operations. 
In  the  new  “hybrid  IT  outsourcing”  model,  IBM  fol¬ 
lows  four  steps: 

•  First,  IBM  analyzes  the  client’s  data  center,  maps 
the  infrastructure  and  identifies  ways  to  improve  it. 

«  Second,  IBM  consolidates  and  standardizes  the 


data  center  environment  to  simplify  its  management. 

•  Third,  UMI  is  deployed. 

•  Fourth,  IBM  provides  ongoing  remote  manage¬ 
ment,  most  of  which  is  automated,  of  the  client’s 
entire  data  center  or  of  parts  of  it,  including  applica¬ 
tions,  storage  devices,  servers  and  networks. 

For  Paul  Mercurio,  senior  vice  president  and  CIO 
for  Mobil  Travel  Guide,  in  Park  Ridge,  111.,  using 
IBM’s  remote  management  services  lets  him  pay 
for  computing  much  like  a  homeowner  pays  for 
electricity 

“We  are  busier  in  the  summer  months,  and  our 
monthly  payment  to  IBM  reflects  that.  And  in  the 
winter,  our  bills  go  down,”  Mercurio  says. 

Mobil  Travel  Guide  publishes  travel  planners  and 
hospitality  guides,  and  also  hosts  an  interactive  Web 
site  to  help  customers  find  restaurants  and  hotels. 
When  the  company  decided  to  add  a  Web  presence, 
Mercurio  says,  it  also  signed  on  to  access  computing 
power  and  storage  resources  over  the  Internet  from 
IBM  data  centers. 

Mobil  avoided  a  large  upfront  capital  investment. 

“We  were  starting  from  scratch  and  didn’t  want  to 
put  a  lot  of  capital  into  hardware,  securing  the  data 
center  and  hiring  a  very  specialized  staff,”  Mercurio 
says.“And  for  a  relatively  small  or  new  entity  we  can 
now  handle  large  growth  spurts  without  reconfigur¬ 
ing  our  entire  data  center!’ 

Strategic  Outsourcing  Flexible  Support  Option 
has  been  designed  for  large  and  midsize  compa¬ 
nies.  Pricing  varies,  depending  on  the  customer 
data  center  and  management  services. 

The  IDG  News  Service  contributed  to  this  report. 


will  use  to  support  that.“We  don’t 
want  to  say  what  options  we  are 
exploring  now,  but  we  are  looking 
at  a  range  of  technologies,”  says 
Kevin  Cavanaugh,  vice  president 
of  development  for  messaging 
at  Lotus. 

Observers  say  IBM  is  going  in 
the  right  direction  with  its  risky 
strategy 

“The  Workplace  Client  looks 
like  a  nice  evolution  of  the  client 
technology  but  it  is  too  early  to 
say  what  it  might  be  capable  of 
doing,”  says  Bruce  Elgort,  man¬ 
ager  of  information  services  for 
Sharp  Microelectronics  of  the 
Americas  and  co-founder  of 
OpenNTp  a  project  that  develops 
open  source  software  for  the 
Domino  platform. 

But  Elgort  says  IBM/Lotus  hasn’t 
explained  how  Domino  applica¬ 
tions  will  run  natively  and  with 
100%  fidelity  on  the  WebSphere 
portal  platform.  He  says  the  com¬ 
pany  also  is  missing  a  tool  for 
rapid  application  development 
on  WebSphere,  something  that 
was  expected  to  be  unveiled  at 
Lotusphere. 

“The  big  question  is,  will  the 
rich  client  be  able  to  run  effec- 
tively”  says  David  Ferris,  president 
of  Ferris  Research.  “We  see  Work¬ 
place  as  a  big  leap  of  faith.  It 
could  all  end  in  tears.  It’s  risk/ 

Some  say  that  implied  risk  is 
causing  the  most  concern  among 
end  users. 

“We  are  seeing  customers  inter¬ 
ested  in  finding  out  about  just 
what  this  is,” says  Shoby  John,  vice 
president  and  CIO  of  the 


January-March  2005  — ' 
Notes/Domino  7.0 

Highlights:  Integrate  instant¬ 
messaging  support  with  calendar, 
discussion,  team  workspaces. 

Computer  Software  Alliance,  a 
systems  integrator  in  Houston.“It’s 
an  option  for  those  with  an  inter¬ 
est  in  portal  and  application  de¬ 
velopment  using  J2EE.” 

For  those  that  have  investigated, 
the  overall  benefits  are  obvious, 
especially  when  deploying  col¬ 
laboration  technologies  on  the 
Web  or  managing  corporate 
desktops. 

“Workplace  works  out  of  the 
box;  with  Domino  there  is  a  lot  of 
customization  you  need,”  says 
Dave  Blundell, business  unit  man¬ 
ager  with  Safmarine  Computer 
Services  in  Johannesburg,  South 
Africa.  “And  Workplace  makes 
client  upgrading  easier  because 
you  do  it  from  the  server  and  you 
don’t  touch  the  desktop.” 

Lotus  is  banking  on  users  dis¬ 
covering  those  benefits  and  find¬ 
ing  ways  to  integrate  its  collabo¬ 
rative  platform  technologies. 

“IBM  Lotus  has  demonstrated 
the  migration  and  co-existence 
strategy  for  the  Lotus  faithful  and 
that  is  a  positive,”  says  Mike  Gotta, 
an  analyst  with  Meta  Group.  “But 
the  downside  is  that  they  haven’t 
shown  how  this  new  strategy  will 
make  users  more  productive  in 
terms  of  running  their  business. 
How  do  process  management 
tools  hook  into  the  Workplace 
environment?” 

But  overall,  he  says,  Lotus  so 
far  appears  to  be  beating  Micro¬ 
soft  at  the  game  of  building  a 
next-generation  collaboration 
platform.® 


,  <  “ « / 


Code  talks 

IBM  Lotus  general  manager  Ambpj  Goyal 
says  “code  talks"  and  that  the  company 
plans  to  keep  up  its  rapid  pace  of  product  development.  Read  the 
interview.  DocFinden  9549 
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Double  your  productivity  with  Scan2  technology. 


The  best  way  to  stay  ahead  is  to  double  your 
productivity.  Introducing  Scan2  technology 
Scan2  from  Sharp.  Sharp's  Digital  Imagers  with  Scan2 
technology  are  designed  to  scan  two-sided  documents  in 
a  single  pass. 

Now  your  training  manuals  and  white  papers  can  be 
scanned,  copied,  emailed  and  digitally  distributed  quicker 
than  ever  before. 


In  fact,  it's  115%  faster  than  any  other  product  in  its 
class.  Not  only  is  it  like  having  double  the  help,  it  will  also 
allow  you  to  accomplish  more  tasks,  in  dramatically  less  time. 
Together  with  Sharp's  integrated  network  management 
software  and  security  features,  your  digital  information  is 
safe  and  workflow  is  fully  optimized. 

Visit  sharpusa.com/scan2  or  call  1-800-BE-SHARP  for 
more  information. 


The  AR-M550,  AR-M620  and  AR-M700: 

.  Operate  at  55, 62  and  70  pages-per-minute 
.  Fully  integrated  network  ready  digital  copier/printers 
.  Include  network  management  software  and  document 
filing  capability 


be  sharp 


•  Results  of  Buyers  Laboratory  Inc  Document  Feeding  Speed  tests  (originals  per  minute)  in  22  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers' competitive  models:  Canon  iR  5000  and  5020,  HP  9055  MFP,  Konica  7155.  Kyocera  Mita  KM-5530.  Ricoh  Aficio  1055  and  551.  ^ 

Toshiba  e-STUDKD  550.  ©2003  Sharp  Corporation 
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reme  drives  10G  to  wiring  closets 


a  BY  PHIL  HOCHMUTH 

Extreme  Networks  this  week  is 
expected  to  launch  a  LAN  switch 
aimed  at  making  it  easier  for  cus¬ 
tomers  to  bring  more  Gigabit 
ports  to  the  desktop  and  add  10- 
Gigabit  links  into  enterprise 
wiring  closets. 

The  Summit  400  is  targeted  at 
Gigabit-to-the-desktop  users  who 
are  finding  switch  fabric  and 
uplink  bottlenecks  on  existing 
products.  Extreme  also  is  touting 
the  box  as  a  way  to  simplify  net¬ 
work  topology  by  deploying 
greater  bandwidth  and  switching 
intelligence  at  the  LAN  edge. 

The  Layer  3  switch  has  48  10/ 
100/1000M  bit/sec  ports  and  a 
slot  in  which  two  optional  10G 
Ethernet  transceivers  can  be 
installed.  For  networks  not  ready 
for  10G,  Extreme  says  the  box 
could  be  used  as  a  high-end 
workgroup  switch  for  power 
users  or  as  an  aggregation  layer 
switch,  linking  wiring  closets  to  a 
Gigabit  core. 

The  Summit  400  follows  the 
company’s  launch  of  its  Black- 
Diamond  10K  core  switch  in 
December,  which  has  a  terabit- 
speed  plane  and  can  support 
up  to  four  non-blocking  10G 
Ethernet  ports  per  slot.  With  10G 
in  the  wiring  closet  and  core, 
this  “two-tiered”  network  design 
is  aimed  at  corporations  look¬ 


ing  to  “skip  upgrade  cycles, 
while  allowing  [users]  to  elimi¬ 
nate  an  entire  level  of  complex¬ 
ity  in  the  LAN,”  says  Varun 
Nagaraj,  Extreme’s  vice  presi¬ 
dent  of  product  management. 

A  standard  network  topology 
would  have  Layer  2  wiring-closet 
switches  feed  onto  an  aggrega¬ 
tion  or  distribution  layer  of  rout¬ 
ing  switches,  which  feed  into  a 
LAN  core  layer,  Nagaraj  says.  He 
says  getting  rid  of  the  aggrega¬ 
tion/distribution  layer  could  help 
reduce  capital  expenses  by  elimi¬ 
nating  the  need  for  mid-tier 
switches;  management/opera¬ 
tional  costs  could  be  reduced 
with  less  equipment  to  run. 

With  the  Summit  400,  Extreme 
is  the  first  switch  vendor  to  offer 
a  desktop  Gigabit  product  aimed 
for  wiring  closets  with  10G. 
Cisco’s  Catalyst  3700  series,  Nor¬ 
tel  BayStack  5000  series  and 
Foundry  Networks’  Fastlron  Edge 
Switch  products  all  offer  high 
densities  of  10/1 00/ 1 000M  bit/ 
sec  in  fixed-configuration  boxes, 
but  use  single  or  trunked  10G 
ports  for  uplink  connections. 

While  most  companies  might 
not  be  looking  at  10G  to  the  wir¬ 
ing  closet,  early  demand  exists  at 
some  organizations  for  high¬ 
speed  workgroup  switches. 

One  such  place  is  the  LAN  at 
the  University  of  Pittsburgh’s 
School  of  Information  Sciences, 


Extreme’s  new  LAN  blueprint 


Extreme  says  users  can  eliminate  a  layer  of  network  switching  with  its  lOG-enabled 
Summit  400  edge  and  BlackDiamond  10K  core  switches. 


Standard  LAN 


Gigabit  uplinks 
from  the  edge 
to  the  distri¬ 
bution  layer 
and  to  the 
core,  where 
Layer  3  routing 
is  supported. 


Core  switch 


Extreme’s  new  10G,  two-tier  LAN 
BlackDiamond  10K 


. .  Distribution 

|ayer  switch 


Layer  2 
10/100  ports 
connect 
end  users 
at  the  edge. 


10  Gigabit  up¬ 
links  from  edge 
to  an  Extreme 
BlackDiamond 
10K  in  the  core, 
eliminating  the 
distribution 
layer. 
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Summit 
400  Layer  3 
switching 
and  10/100/ 
1000  links 
at  the 
edge. 


with  clusters  of  servers  and  high- 
end  workstations. 

“The  [Summit  400]  appeals  to 
me,”  says  Mark  Steggert,  network 
administrator  for  the  school, 
“because  our  bandwidth  needs 
are  likely  to  keep  growing  rapidly 
over  the  next  few  years.”  Research 
projects  at  the  school  include 
analysis  of  geological  data  and 
modeling  for  future  telecom 
networks. 


Steggert  had  deployed  some 
earlier  Summit  switches,  but 
found  the  connections  were 
becoming  bottlenecked  as  end 
users  filled  up  their  Gigabit  pipes. 
The  Summit  400  includes  a  160G 
bit/sec  switch  fabric  —  more 
bandwidth  than  some  distribu¬ 
tion  and  core  switch  products, 
and  twice  as  much  capacity  as 
previous  Extreme  Summit  boxes. 

Steggert  says  he  is  connecting 


NetScreen,  WatchGuard  resize  appliances 


■  BY  TIM  GREENE 

NetScreen  Technologies  and  WatchGuard 
Technologies  this  week  will  join  the  crowd  of 
vendors  pushing  harder  to  get  midsize  busi¬ 
nesses  to  buy  their  multifunction  security 
appliances. 

The  thinking  behind  the  effort  goes  some¬ 
thing  like  this:There  are  lots  of  businesses  with 
between  100  and  1,000  employees  (88,000  in 
the  U.S.  by  NetScreen’s  count,  105,000  by 
WatchGuard’s  tally)  but  they  typically  don’t 
have  enough  IT  staff  to  learn,  manage  and 
maintain  scads  of  individual  security  boxes 
per  site.  Multifunction  devices  are  intended  to 
simplify  security  management. 

The  NetScreen  and  WatchGuard  announce¬ 
ments  focus  on  giving  companies  the  option 
to  buy  one  hardware  platform  and  then 
upgrade  it  as  necessary  Both  offer  firewall 
and  VPN  protection,  and  WatchGuard  in¬ 
cludes  several  other  security  features,  includ¬ 
ing  anti-virus. 

Their  announcements  come  after  Sonic- 
Wall  announced  SonicWali  Pro  2040,  which 


comes  in  standard  ($2,000)  and  enhanced 
($2,750)  versions,  and  Check  Point  an¬ 
nounced  its  Edge  X  series  of  appliances  that 
range  from  $800  to  $2,000. 

Unionbay  Sportsware  in  Seattle  uses  Watch- 
Guard’s  new  appliances  in  part  because  they 
offer  flexibility  The  devices  can  be  configured 
to  segment  networks  into  secure  zones  with 
separate  firewalls  that  can  provide  internal 
authentication  for  Internet  access,  says  Erika 
Anderson,  technical  services  supervisor  for 
the  250-employee  company  “It  can  partition 
within  the  network  but  also  let  mobile  users 
access  the  network  from  outside,”  she  says. 

Anderson  says  the  company  plans  to  add 
Web-filtering  and  spam-blocking  software  to 
the  boxes  later.“Having  all  these  solutions  in 
one  product  is  more  cost-effective  and  easier 
to  manage.” 

The  new  appliances 

NetScreen  is  introducing  scaled-back  ver¬ 
sions  of  five  models  —  the  25,50,204,208  and 
500.The  new  Baseline  models  (as  opposed  to 
the  existing  Advanced  editions)  handle  fewer 


router  protocols,  support  only  hot  standby 
failover,  offer  no  support  for  virtual  LANs,  sup¬ 
port  fewer  VPN  tunnels  and  individual  ses¬ 
sions,  and  don’t  support  application-layer 
packet  inspection. 

Prices  range  from  $2,800  to  $20,000,  about 
20%  less  than  for  the  Advanced  versions 
(though  upgrading  from  Baseline  to  Ad¬ 
vanced  costs  more  than  buying  Advanced  in 
the  first  place). 

WatchGuard  is  introducing  brand-new 
hardware  called  the  Firebox  X  that  can  be 
upgraded  into  four  distinct  models  priced 
from  $1,900  to  $5,000,  depending  on  through¬ 
put, security  features  and  number  of  Ethernet 
ports.  In  addition  to  activating  up  to  six  phys¬ 
ical  ports  and  more  throughput,  these 
devices  can  be  upgraded  with  features 
including  anti-virus,  anti-spam,  Web  filtering 
and  high  availability. They  also  have  a  bay  for 
a  hard  drive  to  quarantine  suspicious  files. 

As  with  NetScreen’s  pricing, upgrading  from 
one  WatchGuard  model  to  another  costs 
more  than  buying  a  higher-end  model  from 
the  start.  ■ 


the  Summit  400  with  an  older 
Extreme  BlackDiamond  in  the 
core  with  four  trunked  Gigabit 
links.  This  year,  he  plans  to  move 
to  10G  uplinks. 

“As  the  client  side  becomes 
faster,  [end  users]  will  eventually 
saturate  the  trunked  Gigabit 
links,”  Steggert  says.The  ability  to 
have  multiple  trunked  10G  links 
will  be  a  future-proofing  exercise 
for  us.” 

While  the  Summit  400  might 
offer  glimpses  at  a  new  10G  blue¬ 
print  for  corporations,  one  analyst 
says  it  will  be  some  time  before 
10G  drastically  reshapes  how 
they  architect'their  LANs. 

“There  are  still  a  fair  number  of 
people  trying  to  get  Gigabit  to  the 
wiring  closet,”  says  Abner  Ger- 
manow,  an  analyst  with  IDC. 

Eliminating  a  network  layer  by 
running  10G  directly  from  wiring 
closets  to  the  core  could  reduce 
network  complexity,  but  the  high 
costs  of  10G  Ethernet  might  out¬ 
weigh  savings  on  capital  and 
operational  expenses  in  running 
an  enterprise  LAN,  Germanow 
says.  Extreme’s  fully  loaded  Sum¬ 
mit  400  with  10G  uplinks  is 
priced  at  about  $20,000. 

The  Summit  400  is  expected  to 
be  available  at  the  end  of  the 
month  with  a  base  cost  of 
$10,000,  or  about  $200  per  Gigabit 
port.  The  dual-port  10  Gigabit 
uplink  card  is  expected  later  this 
year  for  $8,000.  Optical  XENPAC 
port  inserts  will  range  from  $4,000 
to  $5,000,  depending  on  distance 
of  the  link  supported.  ■ 


and  easily  to  protect  your  critical  data,  with  no  need  to 
%  reconfigure  your  network. 
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“Overcoming  Common  Firewall  Limitations,”  visit 
www.lucent.com/better-firewall. 


Lucent  VPN  Firewall  Brick® 
Models  20,  80  &  1100  shown 


Lucent  Technologies 

Bel!  Labs  Innovations 
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timism  pervades  at  quiet  GomNet 


M  BY  DENISE  PAPPALARDO  AND 
CARA  GARRETSON 

Snow  and  ice  might  have  con¬ 
tributed  to  the  ghost  town  that 
was  ComNet  2004,  but  the  hearty 
few  who  attended  found  interest¬ 
ing  sessions  and  saw  announce¬ 
ments  from  MCI  and  Sprint. 

In  its  day,  ComNet  was  the  gath¬ 
ering  place  for  telecom  and  net¬ 
work  executives  as  the  first  show 
of  the  year.Some  of  the  largest  ser¬ 
vice  providers  and  equipment 
manufacturers  used  the  venue  for 
flashy  press  conferences  an¬ 
nouncing  their  latest  products. 

Vendor  participation  and  user 
attendance  has  trailed  off  over 
the  years,  and  this  year’s  ComNet 
was  a  shadow  of  what  it  once 
was,  attracting  only  71  exhibitors. 
IDG  World  Expo,  which  sponsors 
the  show  and  is  a  sister  company 
of  Network  World,  would  not 
reveal  attendance  numbers,  but 
keynote  presentations  seemed  to 
max  out  at  about  70  people. 

One  keynote  was  called  Beauti¬ 
ful  Minds  2:  The  Innovators 
Speak,  a  session  moderated  by 
Network  World  President  and 
Editorial  Director  John  Gallant 
that  featured  Amtrak  CIO  Bob 
Galey  and  George  Washington 
University  CIO  David  Swartz. 

Galey  said  because  of  the  eco¬ 
nomic  downturn,  Amtrak  didn’t 
have  any  “gigantic,  world-chang¬ 
ing  projects  on  the  books”  when 
its  CEO  David  Gunn  took  office  in 
May  2002.  Amtrak  is  focused  on 
getting  existing  systems  and  oper¬ 
ations  in  “good  working  order”  to 
improve  efficiency  and  reduce 
costs,  he  said. 

That’s  not  to  say  that  the  publicly 


■  THIS  WEEK’S  QUESTION: 

Computer  experts  have 
panned  a  system  dubbed 
SERVE  that  is  designed 
to  let  people  do  what 
online? 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fusion  and  enter 
2349  in  the  Search  box. 


COMNET 


subsidized  organization  doesn’t 
have  grand  plans.  Long  term, 
Amtrak  hopes  to  include  its  trains 
as  nodes  on  its  WAN  so  riders  can 
access  the  Internet,  Galey  said. 

When  the  discussion  turned  to 
saving  money,  Galey  said  that 
Amtrak,  a  large  IBM  customer, 
isn’t  afraid  to  shop  business 
around  when  software  contracts 
expire.  To  ensure  he’s  getting  the 
best  price,  Galey  puts  out  multiple 
RFPs  to  avoid  getting  locked  in. 

GWU’s  Swartz  last  year  was  fac¬ 
ing  a  15%  IT  budget  cut.  He 
looked  across  the  organization  to 
see  how  other  departments’  bud¬ 
get  proposals  were  faring  and 
realized  many  groups  listed  new 
IT  projects  as  a  way  to  improve 
efficiency  The  CIO  used  that  infor¬ 
mation  to  his  advantage,  arguing 
that  his  department  couldn’t  sup¬ 
port  these  projects  and  still  make 
the  cuts.  Instead  he  ended  up 


with  a  4%  to  5%  increase  in  his 
own  budget. 

Given  the  general  upbeat  nature 
of  the  CIOs,  one  audience  mem¬ 
ber  asked  if  either  organization 
was  hiring.  Galey  said  Amtrak  is 
taking  small  steps,  hiring  contrac¬ 
tors  to  work  on  projects. 
Swartz  indicated  he  is  hiring. 

If  attendees  were  looking  for 
signs  of  industry  recovery  they  got 
something  of  a  mixed  message  in 
ComNet’s  Venture  Summit  ses¬ 
sion.  Ernst  &  Young  partner  Bryan 
Pearce  reviewed  a  VentureOne/ 
Ernst  &  Young  Venture  Capital 
Report  that  showed  fourth-quar¬ 
ter  2003  venture  capital  invest¬ 
ments  in  private  companies  at 
$4.5  billion.  That  is  the  highest 
quarterly  level  reached  in  more 
than  a  year,  Pearce  said. But  invest¬ 
ments  in  telecom  and  network 
companies  were  down. 

“It  seems  things  bottomed  out 
during  2003  . . .  and  are  starting  to 
show  a  healthy  pickup,”  Pearce 
said  about  venture  funding  over¬ 
all.  However, “for  communications 


Washington  Mutual's  Nabil  Badr, 
network  architect,  accepts  the 
2003  Network  World  User  Excel¬ 
lence  Award  for  successfully  build¬ 
ing  a  massive  MPLS  network  to  link 
3,000  locations. 

and  networking  companies,  we’re 
not  completely  out  of  the  woods 
yet,”  he  said. 

While  neither  Sprint  nor  MCI 
were  officially  at  the  show,  they 
separately  made  service  an¬ 


nouncements  in  conjunction 
with  ComNet. 

Sprint  expanded  its  line  of  VPN 
services  by  adding  a  Multi-proto¬ 
col  Label  Switch-based  VPN  offer¬ 
ing  and  announced  a  Secure 
Sockets  Layer  Remote  Access  ser¬ 
vice  (see  www.nwfusion.com, 
DocFinder:  9547).  Both  offerings 
are  available,  but  the  carrier 
would  not  reveal  pricing. 

MCI  announced  an  Internet 
Broadband  Satellite  service  as 
an  alternative  for  users  that  can’t 
get  DSL  and  don’t  want  to  pay 
the  costs  for  a  dedicated  T-l 
(DocFinder:  9548). The  carrier  is 
teaming  with  satellite  provider 
Tachyon  to  deploy  the  offering. 
The  service  will  support  data 
transmission  speeds  of  128K 
bit/sec  upstream  and  384K 
bit/sec  downstream  or  256K 
bit/sec  upstream  and  1M  bit/sec 
downstream. 

MCI  says  the  service  will  be 
available  in  March  with  prices 
starting  at  about  $300  to  $400 
per  month.  ■ 


HP  mulls  Opteron  processor  options 


■  BY  JENNIFER  MEARS 

Business  users  and  analysts 
are  applauding  reports  that  HP 
might  be  readying  servers  based 
on  Advanced  Micro  Devices’  32- 
/64-bit  Opteron,  saying  the  pro¬ 
cessor  will  provide  an  attractive 
alternative  for  companies  un¬ 
sure  about  migrating  to  Intel’s 
64-bit  Itanium  chip. 

“HP  acknowledges  customer 
demand  for  support  from  a  trust¬ 
ed  vendor  for  x86  extensions 
technology  in  certain  vertical  seg¬ 
ments  where  specific  price/per¬ 
formance  needs  exist,”  an  HP 
spokesman  said  last  week.  “HP  is 
currently  assessing  our  options  in 
this  area.” 

Today,  those  options  are  lim¬ 


ited.  Only  the  Opteron  offers 
extensions  to  the  x86  instruction 
set,  which  powers  32-bit  systems. 
That  means  the  Opteron  can 
run  32-  and  64-bit  applications 
equally  well.  Itanium,  on  the 
other  hand,  uses  a  different 
instruction  set  and  so  32-bit 
applications  suffer  performance 
degradation,  Intel  admits. 

Intel  is  addressing  the  issue, 
however,  and  last  month  an¬ 
nounced  the  availability  of  IA-32 
Execution  Layer  software  for 
Itanium  systems  running  Win¬ 
dows.  This  will  improve  the  per¬ 
formance  of  32-bit  applications 
on  that  operating  system.  Scott 
McLaughlin,  a  spokesman  for 
Intel,  wouldn’t  comment  on  spec¬ 
ulation  that  the  chip  maker  was 


working  on  its  own  technology  to 
include  64-bit  extensions  for  x86, 
except  to  say  the  company  will 
follow  customer  demand. 

“What  we’re  hearing  from  the  IT 
side  of  the  house  is  people  who 
are  going  to  run  the  64-bit  envi¬ 
ronment  don’t  really  have  that 
much  need  for  32-bit  applica¬ 
tions,”  he  says.  “They  may  need  to 
occasionally  tap  into  mail  or 
some  other  32-bit  application,  but 
it’s  not  their  primary  usage 
model.  So  being  able  to  do  that 
on  Itanium  through  IA-32  EL  suits 
their  needs.” 

He  says  Intel  also  is  watching 
software  support  for  the  different 
architectures.  About  1,000  appli¬ 
cations  have  been  ported  to  Itan- 
ium.The  Opteron  runs  about  400. 


Opting  for  Opteron 

AMD’s  32/64-bit  Opteron  chip  is  finding  some  big  name  backing.  A  look  at  its  trajectory: 

April  22 - 

AMD  unveils  the  Opteron, 
saying  the  chip  eliminates 
barriers  to  64-bit  computing. 


Nov.  17 - 

Sun  announces  an  alliance  with  AMD  to  produce 
Opteron-based  systems  and  says  it  will  begin 
shipping  two-  and  four-way  servers  in  2004. 


12003 


July  30 - 

IBM  introduces  the  Opteron-powered  eServer325 
aimed  at  Linux  clusters  and  says  its  DB2  database 
is  commercially  available  for  Opteron  platforms. 


Jan.  6 


2004 


Microsoft  releases  its  first  public  beta 
of  Windows  Server  2003  for  Opteron. 


Still,  customers  seem  to  be 
migrating  to  the  Opteron  chip. 
According  to  IDC,  about  10,000 
servers  shipped  with  the  Opt¬ 
eron  chip  in  the  third  quarter  last 
year,  compared  with  about  5,000 
Itanium  systems  during  the  same 
period. 

“My  general  philosophy  on  plat¬ 
forms  is  one  size  does  not  always 
fit  all,” says  Joe  Clabby  of  research 
firm  Clabby  Analytics.  “In  regard 
to  HR  they’ve  got  one  size  and 
that’s  Itanium. ...  I  would  be  sur¬ 
prised  if  customers  weren’t  ask¬ 
ing  them  to  put  an  Opteron  prod¬ 
uct  in  their  line." 

HP  is  expected  to  use  the  chips 
in  its  ProLiant  server  line,  most 
likely  for  use  initially  in  high-per¬ 
formance  computing  environ¬ 
ments,  where  strong  performance 
and  low  cost  are  important, 
sources  say  It  wasn’t  clear  when 
the  products  would  be  released. 

Analysts  note  that  while  Op¬ 
teron  offers  64-bit  capabilities,  it 
also  provides  stepped-up  perfor¬ 
mance  for  x86  environments.  For 
that  reason,  HP  which  leads  the 
market  in  worldwide  x86  ship¬ 
ments,  might  be  eyeing  the  chip 
as  a  way  to  keep  customers  from 
moving  to  IBM  or  Sun,  which  are 
both  rolling  out  Opteron 
systems.  ■ 
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Cell  towers 

continued  from  page  1 

to  do  with  cell  phones.” 

About  a  quarter  of  the  esti¬ 
mated  130,000  cellular  towers 
across  the  U.S.are  camouflaged, 
some  as  trees,  others  as  flagpoles 
and  still  others  as  church 
steeples.  Hiding  the  towers  is  a 
tricky  but  essential  part  of  many 
wireless  companies’ strategies. 
After  all,  how  do  you  hide  some¬ 
thing  that  stands  80  or  100  feet 
tall?  Especially  as  carriers’ expan¬ 
sion  plans  have  led  from  build¬ 
ing  towers  mainly  in  the  rural 
areas  where  no  one  cared  what 
they  looked  like  to  raising  them 
in  more  populous  areas  where 
“not  in  my  backyard”  fights  have 
become  commonplace. 

Wireless  providers  try  to  strike 
a  balance  between  supplying 
superior  cell  coverage  and  main¬ 
taining  the  natural  environment. 
It’s  not  always  easy,  because  the 
costs  of  disguising  a  cell  phone 
tower  in  a  municipality  can  sky¬ 
rocket  when  materials  and 
monthly  leases  come  into  play 

For  example,  AT&T  Wireless  has 
about  25,000  cell  sites,  some  of 
which  are  disguised,  but  the 
company  says  it’s  a  challenge. 

“While  we  try  hard  to  work 
with  communities  to  meet  their 
needs,  disguising  towers  tends  to 
increase  the  costs  for  cell  siting, 
which  could  impact  the  cost  of 
providing  service,”  says  Ritch 
Blasi,  director  of  media  relations 
at  AT&T  Wreless. 

Getting  concept  and  financial 
support  from  the  wireless 
provider  is  critical, says  Peter 
Sturdivant,  a  stealth  consultant 
and  agent  for  Stealth  Conceal¬ 
ment  Solutions  in  Charleston, 

S.C. Sturdivant,  whose  company 
constructs  and  camouflages  cell 
phone  towers  on  the  East  Coast, 
says  he  bases  his  cell  tower  dis¬ 
guises  on  how  much  time  and 
money  a  cell  company  is  willing 
to  spend. 

“The  best  bang  for  the  dollar  is 
a  flagpole,  but  that  doesn’t  give  us 
many  creative  options,"  he  says. 

Sturdivant  would  rather  spend 
the  time  and  money  to  build  a 
work  of  modern  art  and  architec¬ 
ture  in  an  urban  or  rural  commu¬ 
nity.  He  says  the  process  involves 
first  walking  around  an  area  and 
finding  the  highest  point  to  place 
a  tower.  Once  the  designer  feels 
he  picked  a  good  spot  in  terms 
of  radio  frequency  many  meet¬ 
ings  with  local  officials  follow. 

Gaining  the  right  to  build  with¬ 
in  a  church  tower  or  steeple 
about  70  feet  tall  can  cost  carri¬ 
ers  about  $100,000  before  con¬ 


struction  even  begins.  With  a 
monthly  rent  or  lease  charge 
going  to  the  church  and  working 
to  maintain  the  structure’s 
unique  charm,  telecom  compa¬ 
nies  can  spend  more  than  $1,000 
per  month  per  tower  and  can 
wait  from  six  months  to  two 
years  from  inception  to  see  a 
project  come  to  fruition. 

Once  the  municipality  and  the 
carrier  agree  on  the  location, 
Sturdivant’s  fun  starts. 

“Working  with  a  historic  build¬ 
ing  is  the  best  because  you  can 
look  at  old  blueprints  and  match 
today’s  work  with  the  work  that 


was  done  200  or  300  years  ago  or 
more,”  he  says. 

He  says  he  enjoys  building 
cell  towers  into  churches,  which 
in  the  Northeast  were  often 
built  on  hills  because  they  rep¬ 
resented  the  center  of  town 
hundreds  of  years  ago.  He  has 
done  30  such  projects  and  each 
has  involved  their  own  chal¬ 
lenges,  such  as  maintaining 
architectural  integrity,  especially 
of  older  buildings.  Performing 
that  type  of  masonry  recon¬ 
struction  and  structure  restora¬ 
tion  helps  him  tap  his  architec¬ 
tural  interests. 


“It  ranges  from  gothic  to  Ro¬ 
manesque  to  modern,  and  I  try  to 
find  as  many  original  drawings  as 
1  can  to  work  from”  he  says. 

For  The  Larson  Co’s  Meyer,  the 
disguises  include  rocks  and  cacti 
to  mask  cell  antennas  and 
switches.  He  says  simulating  the 
deserts,  palm  trees  and  more  bar¬ 
ren  landscapes  of  the  Southwest 
differs  from  locating  a  site  in  the 
Northeast. 

“We  can’t  put  as  many  branch¬ 
es  on  a  palm  tree,  as  say  a  pine 
tree,  so  we  have  to  get  more  cre¬ 
ative  in  how  we  hide  the  technol¬ 
ogy?’  Meyer  says. 


Of  course,  not  all  the  towers  are 
well-hidden,  a  real  sore  point  for 
camouflage  experts. 

Towers  need  to  top  between  80 
or  even  100  feet  to  clear  tree  line 
in  many  parts  of  the  country,  but 
carriers  looking  to  keep  costs 
down  will  limit  the  number  of 
palm  fronds  or  pine  branches  on 
a  fake  tree. 

“When  your  lowest  branch  is  at 
60  feet,  it  looks  pretty  obvious 
and  it  just  isn’t  aesthetically 
pleasing,”  Meyer  says. 

“My  favorite  question,  is ‘What 
type  of  tree  can  we  use  to  put  in 
a  170-foot  tower?”’ Sturdivant 
says.“Look  around;  do  you  see 
any  170-foot  trees?  Something 
like  that  will  grab  attention  and 
not  in  a  good  way?’ 

Sturdivant  cites  one  cell  tower 
masquerading  as  a  phony  tree 
along  Route  90  in  Massachusetts 
near  the  Charlton  Plaza. 

“It’s  one  of  the  ugliest  towers 
I’ve  ever  seen.  It  looks  like  an 
upside-down  Christmas  tree  or  a 
massive  bottle  brush,” Sturdivant 
says.“It  s  not  one  of  ours.  I’m  not 
going  to  be  involved  with  any¬ 
thing  ugly  or  cheap. 

“There  really  isn’t  a  telltale  sign 
to  spot  a  good  stealth  tower?’  he 
says.  ■ 
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Industry  leaders  focus  on  productivity 


■  BY  JENNIFER  MEARS 

The  Information  Work  Productivity  Council, 
created  nearly  two  years  ago  by  industry  lead¬ 
ers  including  Cisco,  HR  Intel  and  Microsoft,  is 
holding  its  first  Information  Work  Forum  this 
week  in  New  York  in  an  effort  to  reach  out  to 
businesses  wrestling  with  the  best 
ways  to  step  up  productivity 

The  invitation-only  event  is  the 
first  sponsored  by  the  council  that 
is  concentrated  on  creating  a 
framework  for  businesses  to  mea¬ 
sure  productivity  stemming  from 
information-centric  technology 
such  as  e-mail,  instant  messaging, 
team  workspaces,  videoconfer¬ 
encing  and  Web  conferencing. 

“It’s  all  about  trying  to  under¬ 
stand  what  is  the  business  value 
of  information  work  in  the  infor¬ 
mation  age,”  says  Craig  Samuel, 
chief  knowledge  officer  at  HP 
Services.  “Today,  information  is 
important  and  IT  is  critical.  But 
what  is  the  value  being  generated?  It’s  very 
hard  to  measure. . .  .We  want  to  help  compa¬ 
nies  find  a  way  that  they  can  build  a  business 
case  for  these  types  of  projects  like  they  would 
for  any  financial  investment  decision  where 
ROl  is  compelling.” 


To  that  end,  the  IWPC  is  in  the  process  of 
developing  a  set  of  metrics  and  industry 
benchmarks  to  let  companies  link  business 
processes  with  the  technology  and  services 
they  use  to  connect  increasingly  dispersed 
workforces. 

The  daylong  forum  will  bring  together  mem¬ 
bers  of  the  IWPC,  leaders  in  gov¬ 
ernment,  including  the  U.S.Army 
the  Government  Accounting 
Office  and  the  Federal  Aviation 
Administration,  and  academia, 
CIOs  and  CEOs  from  organiza¬ 
tions  such  as  Aventis  and 
Johnson  &  Johnson  to  talk  about 
the  evolution  of  information 
work  and  how  it  is  changing  the 
way  companies  do  business. 

Presentations  will  include  verti¬ 
cal  industry-specific  strategies 
and  broader  discussions  about 
how  information-focused  tech¬ 
nology  is  being  used  within  com¬ 
panies.  Samuel  will  talk  about 
the  use  of  collaboration  technol¬ 
ogy  to  jump-start  business. 

HP  uses  Microsoft’s  SharePoint  Portal  Server 
to  connect  employees  and  peer-to-peer  col¬ 
laboration  technology  from  Groove  Networks. 
HP  monitors  the  use  of  this  technology,  deter¬ 
mining  how  many  people  use  the  tools,  where 


and  how  they  use  them,  and  when  and  why 
they’re  not  being  used,  for  example. 

“That  gives  us  a  rudimentary  number  to 
measure  the  collaborative  health  of  our  orga¬ 
nization,”  Samuel  says.  “The  more  people  that 
collaborate  the  better  it  is.The  idea  is  to  break 
down  barriers  and  create  openness.  We  report 
that  to  our  management  team  around  the 
world  and  it’s  in  their  business  goals  every 
month.  Ten  percent  of  our  business  metrics 
are  now  related  to  this  type  of  measurement." 

John  Seely  Brown,  author  and  former  chief 
scientist  and  Palo  Alto  Research  Center 
director  for  Xerox,  will  talk  about  the  chang¬ 
ing  corporate  IT  infrastructure  and  how  flex¬ 
ible,  services-oriented  architectures  allow  for 
more  collaboration  and,  as  a  result,  more 
innovation. 

“The  IT  systems  we  use,  the  ERP  systems  we 
use,  have  created  almost  a  prison  for  us,  and 
we  cannot  move  very  freely  in  that  prison.  So 
any  kind  of  innovation  we  want  to  rapidly 
deploy  has  to  be  squeezed  into  what  our  cur¬ 
rent  IT  systems  and  the  business  processes 
they  support  allow  us  to  do,”  he  says.  “What’s 
happening  now  is  slowly  but  surely  as  an  ex¬ 
tension  of  Web  services.  We’re  starting  to  build 
service-oriented  architectures  . . .  that  enable 
us  to  build  more  loosely  coupled  systems. ...  It 
enables  us  to  innovate  in  ways  we  never  could 
before.’’* 


Craig  Samuel,  chief 
knowledge  officer,  HP 
Services,  says  compa¬ 
nies  that  effectively  col¬ 
laborate  will  be  market 
leaders. 
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■  IBM  is  scaling  up  with  its  latest  net¬ 
work-attached  storage  gateway, 
which  can  support  at  least  224T  bytes 
of  storage.  The  company  last  week 
announced  the  IBM  TotalStorage 
NAS  Gateway  500,  based  on  IBM's 
Power4  processors  running  the  AIX 
operating  system.  The  box  is  a  step  up 
from  the  Windows-based  NAS  Gate¬ 
way  300,  which  will  be  discontinued  in 
March,  IBM  said.  The  gateway  can  be 
managed  through  IBM  Tivoli  Storage 
Manager,  Tivoli  Storage  Resource 
Manager  and  Tivoli  SAN  Manager.  The 
gateway  has  six  PCI  slots,  each  of 
which  can  be  used  for  two  interfaces. 
Customers  can  mix  and  match  be¬ 
tween  1G  or  2G  bit/sec  Fibre  Channel 
storage  network  interfaces  and  Giga¬ 
bit  Ethernet  LAN  interfaces.  The  NAS 
Gateway  500,  available  this  month,  will 
be  priced  from  $60,000. 

■  IBM  has  stepped  up  the  perfor¬ 
mance  of  its  eServer  p655,  which 
runs  on  its  own  64-bit  Power  proces¬ 
sor.  Last  week,  it  announced  that  the 
server,  which  is  geared  for  processor¬ 
intensive  high-performance  computing 
and  for  business  intelligence  work¬ 
loads  in  clustered  environments,  now 
has  eight  1.7-GHz  Power4+  proces¬ 
sors.  A  pSeries  655  with  eight  1.7-GHz 
POWER4+  processors,  1G  bytes  of 
memory  and  two  36.4G-byte  disk  dri¬ 
ves  starts  at  about  $70,000. 

■  Computer  Associates  last  week 
released  a  new  version  of  its  Bright- 
stor  ARCserv  Backup  software 

designed  to  speed  back-up  and  re¬ 
store  operations  for  departmental 
Microsoft  users.  ARCserv  Backup  rll 
is  designed  to  take  advantage  of  tech¬ 
nologies  in  the  Windows  Server  2003 
platform,  such  as  the  Volume  Shadow 
Copy  Service  feature  that  lets  users 
create  “snapshot"  backups  of  sys¬ 
tems.  ARCserv  Backup  features  new 
“multiplexing"  capabilities,  which  let 
tape  drives  operate  more  efficiently 
while  backing  up  data  from  multiple 
servers,  the  company  says.  ARCserv 
Backup  rll  will  be  available  for 
Windows  this  month,  with  pricing 
starting  at  $775. 
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Vendors  push  switch  standard 


■  BY  PHIL  HOCHMUTH 

A  new  interconnect  standard  that  defines 
how  components  in  routers  and  switches 
communicate  could  mean  that  high-per¬ 
forming,  lower-cost  network  gear  could  be 
in  store  over  the  next  few  years. 

Proponents  of  the  Advanced  Switching 
Interconnect  (ASI)  specification  say  a 
broadly  adopted  standard  for  building 
switch  interconnects  could  lower  prices 
on  enterprise  gear.  ASI  backers  also  say  the 
technology  will  be  important  as  the  worlds 
of  computing  and  networks  converge  in 
technologies  such  as  blade  servers. 

The  ASI  Special  Interest  Group  (ASI-SIG) 
last  month  released  Version  1 .0  of  the  ASI 
technical  specifications.The  member  com¬ 
panies  of  AIS  with  respresentatives  on  the 
board  of  directors  includes  Agere  Systems, 
Alcatel,  Huawei  Technologies,  Intel, 
Siemens, Vitesse  and  Xilinx. 

The  board  of  directors  of  the  group 
includes  Agere  Systems,  Alcatel,  Huawei 
Technologies,  Intel,  Siemens,  Vitesse  and 
Xilinx. 

The  ASI  specification  is  essentially  a  net¬ 
work  equipment  version  of  the  PCI  Express 
standard  for  bus/IO  communications  for 
PCs,  servers  and  other  compute  nodes.  PCI 
Express  evolved  from  PCI  and  PCI-X  stan¬ 
dards  for  connecting  peripheral  compo¬ 
nents  and  devices  to  a  system  bus,  such  as 
drive  controllers,  network  interface  cards 
and  modems.  PCI  Express  provides  2.5G 
bit/sec  of  bandwidth,  more  than  twice  as 
fast  as  the  highest-bandwidth  PCI  products 
shipping  now. 

ASI-SIG  intends  to  take  this  model  to  the 
switch  and  router  component  world.  Like 
servers  and  PCs,  large  router  chassis  consist 
of  interconnect  architectures  that  tie 
together  modular  components,  or  blades, 
with  a  central  switch  fabric,  backplane, 
memory  and  CPU  resources.  Some  ven¬ 
dors  of  enterprise  Ethernet  switches  and 
routers  use  a  mix  of  standard  and  propri¬ 
etary  interconnects  on  their  equipment, 
analysts  say 

The  specification  also  is  targeting  other 
PCI  Express-based  features  for  internal 
router  and  switch  components,  such  as 
quality  of  service,  link  aggregation  and 
point-to-point  communications,  according 
to  Rajeev  Kumar,  president  of  the  ASI-SIG 
and  director  of  ASI  initiatives  at  Intel.  ASI 
allows  up  to  eight  classifications  of  traffic 
on  a  switch  fabric,  and  also  lets  chips  and 
memory  communicate  over  direct  con¬ 
nects,  instead  of  via  a  shared  bus.  ASI  is  also 


That’s  a  switch 

Backers  of  ASI  say  the  standard 

will  benefit  end  users  by  letting 

equipment  vendors: 

•  Offer  lower-cost  switches,  by 
producing  products  based  on 
standard  components. 

•  Design  switches  with  faster  I/O, 
backplane,  memory  and  CPU 
interconnects. 

•  Build  higher-scale  switches  and 
routers. 

•  Integrate  switch/router  technology 
better  with  blade  server  and 
storage  technology. 

scalable,  in  that  multiple  2.5G  bit/sec  chan¬ 
nel  paths  on  a  board  can  be  aggregated  up 
to  terabit  levels. 

“When  you  look  at  areas  that  are  ripe  for 
standardization,  there  are  the  enterprise 
access  [WAN  and  LAN]  edge,”  Kumar  says. 


■  BY  CARA  GARRETSON 

Mirapoint  last  week  announced  a  pair  of 
e-mail  gateway  appliances  designed  to 
give  small  and  midsize  businesses  and  re¬ 
mote  offices  a  high  level  of  messaging 
security  without  a  heavy  administrative 
burden. 

The  new  line  of  appliances,  called  Razor- 
Gate,  incorporate  much  of  the  software 
found  in  Mirapoint’s  high-end  Message 
Director  appliance,  but  are  geared  for  small 
organizations  with  limited  IT  staff  and 
resources.  The  RazorGate  100  provides 
e-mail  security  for  companies  with  up  to 
1 ,500  users,  while  the  RazorGate  300  can 
be  used  in  settings  with  up  to  5,000  users, 
says  Jeff  Brainard,  Mirapoint’s  senior  prod¬ 
uct  marketing  manager. 

The  new  appliances  sit  at  a  company's 
e-mail  gateway  to  scan  messages  for  spam 
and  viruses,  and  also  offer  advanced  con¬ 
tent  filtering,  policy  enforcement,  intrusion 
detection  and  Simple  Mail  Transfer  Proto¬ 
col  connection  management.  But  unlike 


This  includes  equipment  such  as  Layer  2  to 
Layer  4  wiring  closet  switches  and  access 
routers.  While  commoditization  already  is 
happening  in  these  areas,  Kumar  says, stan¬ 
dardization  of  ASI  as  a  backplane  could 
drive  this  further,  resulting  in  even  lower 
prices  of  network  gear.  He  also  expects  ASI 
to  creep  into  core  switch  and  router  prod¬ 
ucts.  Vendors  of  core  network  gear  “are  not 
interested  in  creating  the  next  whiz-bang 
switch  fabric,  focusing  on  software  and  ser¬ 
vices  that  they  can  provide  to  customers” 
he  says. 

Kumar  says  users  could  expect  to  see 
products  based  on  ASI  by  year-end  and  in 
2005.  He  adds  that  several  major  network 
vendors  will  announce  membership  in  the 
ASI-SIG  this  month  at  Intel  Developer 
Forum. 

Some  observers  see  ASI  as  another  of 
numerous  efforts  over  past  few  years  to 
standardize  the  way  components  talk  to 
each  other  inside  of  a  box. 

“It  seems  the  goal  of  this  group  is  to  force 
more  commoditization  in  the  [network 

See  ASI,  page  18 


Mirapoint’s  Message  Director,  the  new 
appliances  don’t  require  IT  expertise  to 
manage,  Brainard  says. 

Mirapoint,  which  competes  with  secure 
messaging  appliance  makers  including 
BorderWare,  CipherTrust  and  IronFbrt,  says 
the  RazorGate  products  fill  a  need  that 
other  vendors  aren’t  meeting.  “The  prob¬ 
lems  in  terms  of  spam  and  viruses  that  a 
small-  or  medium-sized  firm  faces  are  just 
as  complex  as  those  that  a  large  firm  faces, 
the  difference  is  [smaller  organizations] 
don’t  have  the  IT  staff,  knowledge  or  re 
sources  in  place  to  come  up  with  a  grand 
solution,”  says  Sara  Radicati,  an  analyst  at 
The  Radicati  Group. 

To  streamline  administration,  the  Razor- 
Gate  100’s  Direct  Path  technology  lets  the 
appliance  scan  incoming  and  outgoing 
messages  in  real  time,  Brainard  says,  in¬ 
stead  of  queuing  incoming  mail  at  the 
gateway  This  means  companies  can  install 
the  box  and  walk  away,  he  says,  without 
needing  to  check  on  a  mail  queue’s 
See  Mirapoint,  pagi- 18 


Mirapoint  aims  messaging 
appliances  at  SMBs 
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Behaving  more  like  a  glacier  than  a 
hot  technology  IPv6  has  been  every¬ 
one's  “sometime  in  the  future”  tech¬ 
nology  for  years.  The  coming  surge  in  IP- 
enabled,  consumer-class  devices  (not  just 
your  cell  phone  but  your  fridge)  was  sup¬ 
posed  to  force  the  world  to  IPv6.  But  if  a  rel¬ 
atively  new  endeavor  called  “Kebab”  takes 
off,  IPv6  might,  again,  become  less  urgent. 

While  IPv6  introduces  a  slew  of  useful 
enhancements,  such  as  integrated  securi¬ 
ty,  its  raison  d’etre  is  to  expand  the  IP 
address  space  beyond  the  four  octets  that 
IPv4  offers. 

What  many  thought  to  be  a  temporary 
workaround,  network  address  translation 
(NAT), solved  the  problem  for  many  years. 
NAT  —  resident  usually  in  corporate  fire¬ 
walls  or  small  office/home  office/con- 
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Will  ‘Kebab’  skewer  IPv6? 


sumer  broadband  access  routers  —  effec¬ 
tively  multiplexes  one  real  Internet  IP 
address  to  let  many  users  share  the  address 
simultaneously 

As  part  of  this,  it  hides  the  internal 
address  structure.  Not  only  is  this  a  security 
benefit  but  it  lets  corporate  and  home 
users  duplicate  IP  addresses  used  else¬ 
where  without  causing  connectivity  prob¬ 
lems  externally 

For  example,  NAT  is  why  it  is  OK  that  vir¬ 
tually  evety  broadband  router  on  earth  is 
shipped  with  the  (non-routable)  IP 
address  of  192.168.1.1  and  networks  keep 
on  working.  Nobody  on  the  “outside”  ever 
sees  that  address. 

With  end  users  initiating  virtually  all 
Internet  access,  it  made  NAT  quite  viable. 
The  Web  site  only  had  to  respond  to  what¬ 
ever  address  had  contacted  it.  There  was 
no  need  for  the  Web  to  have  to  drill 
through  the  NAT  firewall  to  initiate  contact 
with  a  device. 

NAT’s  days  were  numbered,  it  was 
thought,  when  vendors  talked  about 
putting  IP  stacks  in  everything  from  hand¬ 


held  computers,  phones,  to  kitchen  appli¬ 
ances.  Add  to  this  the  complication  that, 
given  the  dearth  of  IP  addresses,  broad¬ 
band  connections  typically  are  assigned 
these  addresses  dynamically  Translation: 
They  can  change  randomly 

Enter  IPv6.  Well,  not  exactly  You  can  buy 
some  products  that  support  IPv6  but  the 
world  —  the  Internet  —  is  still  IPv4.  Un¬ 
fortunately,  manufacturers  were  ready  to 
move  to  IP-enabled  trash  compactors  and 
didn’t  want  to  wait.  Enter  Kebab. 

Matsushita  introduced  this  protocol  — 
though  it  is  more  of  a  service  —  to  allow  ex¬ 
ternal  communication  with  devices  inside 
the  firewall.  Eventually  this  will  include  the 
many  consumer  appliances  that  Matsushita 
sells  under  its  Panasonic  brand. 

Specifically  what  Kebab  does  is  address 
the  issue  of  “doubly  dynamic”  addresses  (I 
just  made  up  that  phrase).  Not  only  does 
the  “real”  public  IP  address  of  broadband 
users  change  —  at  various  and  random 
times  —  but  the  private  IP  address  assigned 
to  any  device  can  change  as  well.  An  event 
as  fundamental  and  common  as  a  power 
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failure  could  cause  both  to  change. 

Kebab  calls  for  home  systems  to  commu¬ 
nicate  with  a  central  service  (across  the 
NAT  firewall)  to  update  both  sets  of  ad¬ 
dresses  as  they  change.  Thus,  an  owner 
wishing  to  communicate  with  a  home 
appliance  from  afar  could  reference  the 
device  by  name  and  Kebab  would  resolve 
the  addresses. 

While  Kebab  doesn’t  magically  increase 
the  IPv4  address  space.it  does  remove  one 
of  the  biggest  obstacles  of  IPv4  —  the  ever- 
changing  addresses. 

Since  Kebab’s  announcement  last  Octo¬ 
ber  (www.nwfusion.com,  DocFinder.  9525), 
there’s  been  little  news  beyond  the  initial 
flurry  We  are  told  that  Matsushita  is  pursu¬ 
ing  licensing  Kebab  to  others.  While  its  suc¬ 
cess  at  doing  so  won’t  stop  IPv6,  it  could 
make  it  a  “nice  to  have”  rather  than  a  “must 
have”  for  many  next-generation  apps. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  Fie  can  be 
reached  at  ktolly@tolly.com. 


Security  made  smaller 

Mirapoint’s  new  e-mail  appliances  are  targeted  at  small 
and  midsize  businesses  (RazorGate  100)  along  with  large 
companies  (RazorGate  300). 


RazorGate  100 

RazorGate  300 

Maximum  users 

1,500 

5,000 

Average  price  with 
anti-spam  and  anti¬ 
virus  software 

$12,500  for  300 

users 

$27,500  for  300 

users 

Availability 

Now 

March 

Mail  queuing 

No 

Yes 

CNT  spins  out  end-to-end 
storage  link  software 


Mirapoint 
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progress  or  bottlenecks.  Once 
scanned,  e-mail  is  passed  to  the 
company’s  mail  server  and  never 
resides  on  the  RazorGate  100. 

For  large  organizations  that 
need  message  queuing  but  still 
want  an  appliance  that  can  be 
quickly  deployed  and  easily  man¬ 
aged,  Mirapoint’s  RazorGate  300 
has  a  queue  management  feature 
and  offers  a  temporary  quaran¬ 
tine  queue  for  messages  that  have 
been  flagged  as  spam,  Brainard 
says.  The  RazorGate  300  also 
routes  messages  to  the  appropri¬ 
ate  mail  server  for  organizations 
that  run  more  than  one.  The  300 
also  includes  redundant  hard¬ 
ware  for  increased  reliability  and 
a  “wiretap”  feature  that  lets  admin¬ 
istrators  scan  users’  incoming  and 
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outgoing  messages. 

Both  RazorGate  appliances  in¬ 
clude  administrator  tools  for  pro¬ 
ducing  logs  and  reports,  such  as 
statistics  regarding  which  users  re¬ 
ceive  the  most  spam.  The  new 
appliances  can  be  configured 


with  Mirapoint’s  Full-Spectrum 
anti-spam  technology  and  with 
anti-virus  software  from  Sophos. 
When  configured  this  way,  the 
RazorGate  100  costs  $12,500  for 
300  users,  and  the  RazorGate  300 
costs  $27,500  for  300  users.  ■ 


■  BY  DENI  CONNOR 

CNT  launched  unique  software 
last  week  that  lets  customers  col¬ 
lect,  identify  and  monitor  the  per¬ 
formance  of  applications  run¬ 
ning  across  the  storage-area  net¬ 
work,  metropolitan-area  network 
and  WAN. 

Called  the  inVSN  Storage  Net¬ 
work  Manager,  the  software  ana¬ 
lyzes  network  data,  identifying 
real  and  potential  network  out¬ 
ages  or  bottlenecks,  and  feeds 
information  to  enterprise  stor¬ 
age  management  frameworks 
for  resolution. 

While  storage  applications  such 
the  replication  of  data  are  distrib¬ 
uted  across  sites  and  different  net¬ 
works  and  protocols,  manage¬ 
ment  tools  are  available  only  for 
individual  devices  in  the  network, 
such  as  Fibre  Channel  switches, 
storage  routers  and  optical 
switches  used  in  connecting  dis¬ 
tributed  SANs.The  inVSN  Storage 
Network  Manage  works  with  CNT 
gear,  and  with  Nortel,  Cisco  and 
Adva  Optical  Networking  Dense 
Wavelength  Division  Multiplexing 
(DWDM)  switches,  and  McData 
and  Brocade  Communications 
Fibre  Channel  switches. 

The  software,  which  runs  on  a 
host  computer,  sees  beyond  a  sin¬ 
gle  domain  and  across  any  com¬ 
munication  protocol  to  give  the 
user  an  end-to-end  view  of  an 


application  and  its  performance. 

For  instance,  in  an  installation 
in  which  two  SANs  connected 
with  McData  Fibre  Channel 
switches  are  linked  with  Nortel 
Optera  DWDM  switches  over 
SONET  for  disaster  recovery, 
inVSN  would  monitor  the  com¬ 
munications  link  established  as 
data  passes  from  the  McData 
switch  to  the  Nortel  Optera  over 
the  SONET  network  to  the  Nortel 
Optera  and  McData  switch  at  the 
remote  locatiqn. 

InVSN  Storage  Network  Man¬ 
ager  is  available  in  two  versions. 
The  Open  Edition,  which  is  cus¬ 
tomer  installable,  will  monitor 
Fibre  Channel  over  IP  and  ATM/ 
SONET  networks,  Qlogic,  Emulex 
and  LSI  Logic  host  bus  adapters 
and  CNT  FC/90,  Brocade  and 
McData  Fibre  Channel  switches. 
It  works  with  Solaris,  Windows 
and  HP  host  computers  and 
starts  at  $6,000. 

The  Enterprise  Edition  is  de¬ 
signed  for  mainframe  and  open 
systems  environments.  It  sup¬ 
ports  Enterprise  Systems  Con¬ 
nection,  Fibre  Connection,  IR 
ATM  and  SONET.  It  also  supports 
a  wider  range  of  products, 
including  Nortel,  Cisco  and  Adva 
DWDM  switches,  and  the  Ultra- 
Net  Storage  Director  and  Edge 
switches.  The  Enterprise  Edition 
is  expected  to  be  available  next 
quarter, starting  at  $25,000.  ■ 
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market],”  says  Frank  Dzubeck,  president  of 
Communications  Network  Architects. 

“The  loophole  they’re  using  is  the  interconnect 
technolog)/’  he  adds. 

He  compared  the  group’s  efforts  it  to  the  move¬ 
ment  toward  standardized  network  processors 
several  years  ago.  “What  happened  with  network 
processors  was  that  they  met  everyone’s  goals,  but 
they  forced  everyone  to  be  the  same.  So  differen¬ 
tiation  didn’t  occur,”  he  says.  While  large  parts  of 
the  Ethernet  switch  market  are  now  commodity- 
based,  high-end  enterprise  vendors  still  use  cus¬ 
tom  ASICs  and  other  proprietary  technology  to 
add  value,  he  says. 

Small  and  midisze  companies  could  see  the  most 


benefit  by  vendors  adopting  ASI,  Dzubeck  says. 

“These  companies  don’t  have  anything  like  big 
server  clusters  or  complex  data  centers,  and  they 
tend  not  to  buy  on  cost,”  he  says. 

ASI  could  run  into  resistance  in  the  emerging 
blade  server  market,  Dzubeck  adds.  Even  though  the 
standards  still  are  being  shaped  in  that  market,  he 
says,  the  technology  for  linking  blade  servers  in  a 
chassis  could  lean  toward  Ethernet  instead  of  inter¬ 
nal,  bus-based  interconnect  technologies,  such  as 
PCI  Express. 

Dzubeck  says  major  blade  server  vendors  “will  say 
the  way  to  do  it  is  to  create  a  LAN  in  a  box,  linking  all 
these  [blade  servers]  with  Ethernet.” 

He  says  this  is  different  from  previous  generations 
of  blade  servers,  “which  were  basically  PCI  cages 
that  interconnect  with  a  backplane.  To  me,  that’s 
just  a  big  server."  ■ 


Ours  does. 


Conventional  firewalls  are  blind  to  the  most  potentially  damaging  threats 
from  the  Internet.  Now,  Fortinet  can  help  you  see  -  and  stop  -  what  the 
others  miss.  Our  award-winning  FortiGate™  Antivirus  Firewalls  -  the  only 
security  systems  certified  by  the  ICSA  for  antivirus,  firewall,  VPN  and 
intrusion  detection  -  use  ASIC-powered  content  processing  technology 
to  scan  your  Web,  email  and  other  network  applications  in  real  time. 

So  you  can  stop  viruses,  worms,  intrusions  and  harmful  content  before 
they  can  enter  your  network  -  and  lower  your  total  cost  in  the  process. 


FIREWALL  PRODUCT  OF  THE  YEAR 


Seeing  is  believing.  To  see  how  Fortinet's  Complete  Content  Protection 
delivers  faster  performance  and  lower  costs  visit  www.fortinet.com/ccp 
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Special  Focus 

SECURITY:  Deep  packet  inspection. 


The  evolution  of  application  layer  firewalls 


6  BY  TIM  GREENE 

First  there  were  packet  filters. Then  stateful  inspec¬ 
tion  firewalls;  then  intrusion  detection. 

Now  the  latest  Internet  defense  technology  —  deep 
packet  inspection  firewalls  —  is  being  touted  as  the  best 
line  of  defense  against  worms  that  can  sneak  past  earlier 
technology  to  wreak  havoc  in  corporate  networks. 

The  issue  with  these  application-layer  firewalls  seems 
to  be  whether  they  should  be  placed  at  all  Internet  gate¬ 
ways  and  evaluating  whether  they  are  worth  the  cost. 

By  analyzing  packets  not  just  in  isolation,  but  by 
reassembling  and  analyzing  packet  streams  that  make 
up  individual  application  sessions,  these  application- 
layer  firewalls  can  spot  odd  behavior  by  particular  pro¬ 
tocols  that  can  signal  a  brand-new  attack. 

Customers  that  use  these  products  say  their  value  is 
undeniab!e.“Now  you  can  block  [malicious  traffic]  as 
you  detect  it,  at  the  edge.  And  the  deep  packet  inspec¬ 
tion  [technology]  can  update  the  firewall,”  says  Steven 
Goldsby  CEO  and  founder  of  Integrated  Computer 
Solutions  in  Montgomery  Ala.,  which  uses  Fortinet’s 
Complete  Content  Inspection  gear.“If  it  identifies  an 
attack,  then  it  can  automatically  block  the  IP  address." 

Deep  packet  inspection  firewalls  are  the  latest  stage 
in  the  evolution  of  firewall  technology,  says  Richard 
Steinnon,an  analyst  for  Gartner  credited  with  coining 
the  term  deep  packet  inspection.  Steinnon  says  Check 
Point,  Fortinet,  NetScreen  Technologies  and  others  do 
this,  and  as  do  intrusion-prevention  systems,  such  as 
those  from  IntruVert  Networks,  NetContinuum  and 
TippingPoint  Technologies.  Devices  such  as  those 
made  by  Radware  and  Teros  also  fall  under  the  same 
umbrella. 

Battling  malicious  traffic 

Application  firewalls  can  find  malicious  traffic  that 
stateful  inspection  firewalls  miss.  For  example,  stateful 
firewalls  don’t  detect  worms  that  send  strings  of  mali¬ 
cious  code  within  legitimate  protocols  because  stateful 
firewalls  just  look  at  network-layer  packet  headers. 
However,  deep  packet  inspection  can  find  such  attacks 
by  looking  for  telltale  signatures  further  inside  packets. 

Intrusion-detection  systems  already  do  this,  but  their 
response  is  to  trigger  alerts  for  network  administrators  to 
decide  whether  suspicious  traffic  means  an  attack  is 
really  underway  Deep  packet  inspection  firewalls  differ 
in  that  they  automatically  take  steps  to  block  the  attacks 
they  detect. 

Steinnon  says  application  firewalls  analyze  how  proto¬ 
cols  are  behaving  and  wtiether  that  behavior  honors 
policies  set  for  how  that  traffic  should  be  acting. 

Worms  required  a  deeper  look  for  signatures  and  cre¬ 
ated  a  need  to  look  at  whole  sessions,  streams.  They 
require  the  firewall  to  do  what  the  end  server  does  and 
make  a  decision  based  on  everything  it  learns,”  he  says. 

This  is  where  the  term  deep  packet  inspection  breaks 
down,  Steinnon  says.  Application  firewalls  don’t  just  look 
deeply  into  individual  packets.The  firewall  assembles 
packets  into  streams  that  represent  sessions  and  ana¬ 
lyzes  whether  the  behavior  of  the  session  is  atypical  of 
appropriate  use  of  the  application. 


For  instance,  the  Blaster  worm  exploited  the  Remote 
Procedure  Call  (RPC)  protocol  to  do  its  work.  It  would 
send  messages  to  ranges  of  IP  addresses  looking  for  more 
machines  to  infect.  Legitimate  use  of  RPC  typically  does 
not  call  for  this  systematic  sending  of  messages. 

Check  Point  says  its  RPC  inspection  software,  available 
since  April,  was  effective  against  Blaster  when  it  hit  in 
August.  Looking  for  odd  behavior  of  RPC  sessions  made 
it  effective  even  though  no  one  had  seen  Blaster  before 
to  capture  a  signature,  Check  Point  says. 

Similarly,  WatchGuard  Technologies  says  its  application- 
protection  software  blocked  attacks  against  38  of  52 
Microsoft  vulnerabilities  last  year,  protecting  networks 
even  if  the  Microsoft  software  hadn’t  been  patched. 

Once  application  layer  firewalls  detect  attacks,  they 
must  deal  with  them  appropriately  Steinnon  says. 


What's  the  difference? 

Stateful  inspection  firewalls  are  in  standard 
use,  but  application  firewalls  are  fast 
becoming  essential  parts  of  corporate  security 
architectures. 


Stateful  inspection 

•  Filters  at  the  network 
layer. 

•  Designed  to  control 
access. 

•  Misses  worms  and 
Trojans. 

•  Can  work  in  tandem 
with  application 
firewalls. 


Application  firewall 


•  Filters  at  the 
application  layer. 

•  Designed  to  analyze 
application  behavior 
and  seek  protocol 
anomolies. 

•  Can  catch  worms  and 
Trojans. 

•  Cantriggerfirewallsto 
respond  to  attacks. 


Blocking  only  the  IP  address  that  is  the  source  of  an 
attack,  for  instance,  is  more  desirable  than  blocking  all 
traffic  trying  to  use  that  port,  he  says. 

In  the  case  of  Blaster,  the  worm  sends  on  TCP  Port  135, 
and  some  recommended  remedies  call  for  blocking 
Port  135,  even  though  it  can  interfere  with  legitimate 
Microsoft  applications  that  use  RPC. 

Application  layer  concerns 

By  addressing  application  layer  concerns,  these 
application  firewalls  make  it  possible  for  more  users  to 
access  corporate  networks,  customers  say.  For  exam¬ 
ple,  NetScreen’s  5XT  deep  inspection  firewall  appli¬ 
ances  make  it  possible  for  remote  offices  of  Virginia 
Hospital  Center  to  gain  full  access  to  billing  and  med¬ 
ical  applications  without  exposing  the  network  to 
unnecessary  risk, says  Mark  Rein,  director  of  IT  at  the 
Arlington  hospital. 

The  hospital  had  used  Cisco  VPN  software  on  remote 
machines  to  give  users  remote  access,  but  the  VPN  did 
nothing  to  protect  the  remote  machines  from  worms 
and  viruses.  Infected  machines  could  launch  attacks 


that  might  invade  the  hospital  network  via  the  VPN,  Rein 
says.  As  a  result,  hospital  policy  forbade  full  access  to 
records  via  remote  access.“We  would  give  them  view 
privileges,  but  not  allow  them  to  modify  files,”  he  says. 

Now  with  the  NetScreen  boxes  in  place,  those  remote 
machines  and  the  traffic  they  send  are  deemed  clean, 
he  says.  Physicians  who  extend  their  workday  take  a 
NetScreen  appliance  home  if  they  think  they’ll  log  on  to 
the  hospital  network,  Rein  says. 

The  hospital  also  has  NetScreen’s  more  comprehen¬ 
sive  application-layer  screening  Intrusion  Detection/ 
Prevention  (IDP)  device  at  the  hospital.lt  can  find 
potential  malicious  traffic  that  the  appliances  might 
miss,  but  at  $400,  the  5XT  appliances  are  affordable  at 
every  site,  he  says,  and  reduce  the  number  of  alarms  that 
the  IDP  triggers. 

Some  customers  say  application  firewalls  can  protect 
servers  even  if  the  servers  have  known  flaws.  In  the  case 
of  Regal  Entertainment  in  Knoxville, Tenn.,  a  movie  the¬ 
ater  chain,  Check  Point’s  Application  Intelligence  soft¬ 
ware  was  so  effective  that  a  security  consultant  hired  to 
try  to  take  down  Regal  servers  could  not  exploit  a 
known  vulnerability  caused  by  missing  patches  on  a 
particular  server. 

The  Check  Point  software  headed  off  the  application- 
layer  attacks  that  the  consultant  tried  through  Port  80 
before  they  got  to  the  server,  says  Andrew  Bagrin,  direc¬ 
tor  of  security  and  network  management  for  the  chain. 
“It’s  still  critical  to  patch,  but  now  we  can  be  more  flexi¬ 
ble  so  we’re  not  so  worried,”  he  says. 

Vendors  such  as  NetScreen  are  putting  versions  of 
their  application  inspection  software  on  low-cost  appli¬ 
ances  for  sites  where  risk  is  deemed  lower  than  would 
warrant  a  more  expensive  IDP  system. These  boxes 
include  stateful  firewalls,  virus  protection  and  VPN  sup¬ 
port.  Such  an  appliance  costs  $1,700  vs.  an  IDP  box  that 
can  cost  10  times  as  much. 

A  new  way  of  looking  at  protection 

While  established  vendors  are  working  on  pricing 
and  features,  a  new  company  called  WebCohort  is  tout¬ 
ing  a  new  way  of  looking  at  the  same  problem. The 
Palo  Alto  company’s  software,  called  SecureSphere, 
culls  individual  suspicious  events  to  find  enough  evi¬ 
dence  of  a  malicious  user  to  conclude  that  an  attack  is 
underway. 

The  company’s  CEO,Schlomo  Kremer,says  the  appli¬ 
ances  can  protect  custom  applications  that  represent 
the  majority  of  traffic  in  major  corporate  networks  — 
something  its  competitors  can’t  do. 

The  device  learns  any  application  by  discovering 
such  things  as  what  URLs  applications  use,  their  struc¬ 
ture  and  how  they  employ  cookies,  and  then  builds  a 
profile  of  how  the  application  works  and  how  it  is 
used,  according  to  Kremer.  It  builds  a  model  to  analyze 
actual  behavior  and  spot  anomalies  that  can  be 
blocked  automatically  or  be  flagged  for  IT  staff  to 
check  out,  he  says. 

Kremer  says  other  intrusion-protection  technology  pro¬ 
tects  against  known  attacks  against  commonly  used 
applications.They  are  useless  against  targeted  attacks 
on  custom  code,”  he  says.  ■ 
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of  the  world’s  largest  enterprises,  now  has 


security  built  to  fit  medium  enterprises 


Our  complete,  single  vendor  solutions  provide 


network  security  that’s  easily  managed 


Reduces  costs.  And  most  importantly,  gives 


needs  from  today’s  frequent  and  complex 


attacks.  Our  unequaled  solutions  for  large 


financial,  government  and  manufacturing 


networks  have  made  us  the  world’s  fastest 


over  the  last  two  years.  Now  there’s  no 


more  impenetrable  solution  for  your 


business.  Call  800.638.8296  or  visit 


www.netscreen.com/company/ad/impenetrable 
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BrightStor®  ARCserve®  Backup  Release  11 

Faster  and  easier  to  use  than  ever. 

When  it  comes  to  data  backup  and  recovery,  you  want  a  reliable,  high-performance  solution  you 
can  count  on.  That's  why  we've  created  BrightStor  ARCserve  Backup  Release  11,  featuring  the 
very  latest  in  storage  innovations.  BrightStor  ARCserve  Backup  is  faster  and  easier  than  ever, 
enhancing  both  efficiency  and  productivity.  And  with  CA's  superior  technology,  you  can  be 
confident  your  files  are  properly  backed  up  and  will  easily  be  restored  should  a  disaster  occur. 
For  more  information,  go  to  ca.com/storage/arcserve. 


B  ARCserve  Backup  Release  11. 

Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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Microsoft  aims  RFID  downstream 

Inventory  tag  products  aimed  at  small  and  midsize  retail  market 


■  BY  ANN  BEDNARZ 

Among  retailers  and  manufacturers,  it’s 
the  big  players  with  deep  pockets, such  as 
Wal-Mart,  Procter  &  Gamble  and  Gillette, 
that  typically  are  associated  with  wireless 
inventory-tracking  projects  based  on 
radio  frequency  identification  technol¬ 
ogy.  Microsoft  is  aiming  its  forthcoming 
RFID  wares  at  a  less  elite  —  but  no  less 
interested  —  market. 

Last  week  the  software  maker  an¬ 
nounced  its  Microsoft  Business  Solutions 
group  is  working  on  RFID  products  for 
small  and  midsize  consumer  product  and 
retail  companies.  Microsoft’s  plan  is  to  offer 
packaged,  plug-and-play  RFID  capabilities 
that  work  with  its  existing  ERP  applications 
for  manufacturing  and  distribution. 

Specifically,  Microsoft  plans  to  add  RFID 
features  to  upcoming  releases  of  its 
Axapta  and  Navision  products  in  2005. 
The  vendor  also  plans  to  release  an  RFID- 
enabled  version  of  Microsoft  Retail 


Takes 

■  Microsoft  last  week  released  a  pub¬ 
lic  beta  version  of  its  Internet 
Security  and  Acceleration  Server 

2004.  ISA  Server  promises  improved 
network  security  and  performance  by 
delivering  better  application  security, 
simplified  management,  tighter  integra¬ 
tion  and  faster  caching,  Microsoft  said. 
ISA  Server  is  designed  to  help  users 
protect  Microsoft  applications  such  as 
the  Exchange  e-mail  server,  Internet 
Information  Services  Web  server  and 
SharePoint  collaboration  tools. 
Application  filters  for  each  of  those 
products  will  be  available  when  ISA 
Server  ships  in  mid-2004,  the  company 
said.  Additional  filters,  including  one  for 
the  SQL  Server  database,  are  in  the 
works.  Pricing  for  ISA  Server  2004  has 
not  been  determined.  ISA  Server  2000 
Standard  Edition  costs  about  $1,500 
per  processor  and  Enterprise  Edition  is 
about  $6,000  per  processor. 

■  InfoVista  this  week  will  announce 
upgrades  to  its  VistaFoundation 


Management  System  in  2006. 

Microsoft  is  not  alone  in  adding  RFID 
capabilities  to  its  business  software;  ERP 
and  supply-chain  management  vendors 
including  Manhattan  Associates,  Manugis- 
tics  and  SAP  are  building  RFID  capabili¬ 
ties  into  their  suites. 

But  Microsoft’s  emphasis  on  smaller 
users  is  distinct.  Small  and  midsize  busi¬ 
nesses  have  been  left  out  of  the  early 
development  of  RFID,  according  to  Nigel 
Montgomery,  director  of  European  re¬ 
search  at  AMR  Research. 

The  good  news 

“Microsoft’s  presence  in  RFID  is  good 
news  for  smaller  companies,  putting  pres¬ 
sure  on  other  vendors  to  package  com¬ 
plete  systems.  It  will  also  likely  push  price 
points  down,”  Montgomery  wrote  in  a 
research  brief. 

Analysts  expect  a  dramatic  increase  in 
the  adoption  of  RFID-enabled  technology 
fueled  by  mandates  from  Wal-Mart  and 


product,  software  designed  to  man¬ 
age  the  performance  of  networks, 
systems  and  applications.  Version  2.0 
has  been  updated  to  include  tools  to 
help  customers  define,  model  and 
monitor  business  services  from  an 
end-user  perspective.  As  part  of  the 
company's  new  Business  Technology 
Intelligence  strategy,  VistaFoundation 
2.0  will  include  features  that  lets 
users  view  service  performance  or 
the  status  of  the  components,  such 
as  database,  a  portal  interface  with 
context-relevant  data  and  automated 
self-monitoring  features.  Available  in 
March,  pricing  for  VistaFoundation 
2.0  starts  at  about  $50,000  for  new 
customers. 

■  Security  equipment  vendor  iPolicy 
Networks  next  week  will  announce 
an  enterprise  version  of  its  IP 
Enforcer  appliance  for  use  at  the 
Internet  perimeter  or  inside  the  corpo¬ 
rate  LAN.  The  previous  version  was 
intended  for  ISPs,  but  the  new  version, 
which  ranges  from  $2,000  to  $150,000, 
provides  firewall/VPN,  URL  filtering, 
intrusion-detection  and  prevention 
that  a  company  can  manage  at  up  to 
gigabit  speeds. 


Small  and  midsize 
businesses  have  been 
left  out  of  the  early 
development  of  RFID. 

the  U.S.  Department  of  Defense  that  sup¬ 
pliers  start  tagging  pallets  and  cases  with 
RFID  labels.  IDC  predicts  spending  on 
RFID  software,  hardware  and  services  for 
the  U.S.  retail  supply  chain  will  increase 
from  $8.5  million  in  2002  to  nearly  $1.3 
billion  in  2008  (see  graphic,  page  24). 

To  get  some  experience  with  RFID, 
Microsoft  has  been  working  on  a  pilot  pro¬ 
ject  with  KiMs,a  midsize  Danish  manufac¬ 
turer  with  about  $67  million  in  annual  rev¬ 
enue,  270  employees  and  100,000  pallets 
of  snacks  shipped  per  year.  The  project  is 


■  BY  ELLEN  MESSMER 

Network  administrators  are  finding  that 
investing  in  learning  special¬ 
ized  job  skills  —  and  validat¬ 
ing  those  skills  by  passing 
certification  tests  —  can 
lead  to  career  advancement 
even  when  the  economic 
outlook  for  hiring  is  bleak. 

For  example,  when  the 
Philadelphia  Stock  Ex¬ 
change  created  the  position 
of  chief  security  officer  last 
year,  a  technician  in  its  sys¬ 
tems  administration  depart¬ 
ment  stepped  into  the  job. 

It  was  a  step  up  for  Allan 
Pomerantz,  now  the  CSO, 
and  he  attributed  that  suc¬ 
cess  to  having  focused  on 
security  projects  while  he 
was  technology  coordinator  and  obtaining 
the  proper  security-certification  creden¬ 
tials  to  validate  his  skills.  Pomerantz  is  a 
Certified  Information  Systems  Security 


the  first  venture  into  RFID  for  Microsoft 
Business  Solutions,  the  company  says. 

Last  June,  KiMs  rolled  out  Microsoft’s 
Axapta  software  for  its  manufacturing, 
raw-materials  procurement,  sales  order 
management  and  warehouse  manage¬ 
ment.  That  implementation  was  the  foun¬ 
dation  for  the  RFID  pilot,  which  KiMs  took 
live  in  December  after  a  three-month 
design  and  development  cycle. 

At  KiMs,  RFID  tags  let  the  company  mon¬ 
itor  pallets  of  finished  goods  as  they 
moved  out  of  production  and  into  a 
warehouse.The  data  is  fed  into  the  Axapta 
warehouse  management  software,  which 
Microsoft  altered  so  it  could  capture  and 
manage  data  generated  by  RFID  readers. 

The  new  system  at  KiMs  also  includes 
Microsoft’s  demand-planning  software  for 
sales  forecasting;  event-management  tem¬ 
plates  for  monitoring  processes  such  as 
purchase-order  confirmations  and  sup¬ 
plier-delivery  reminders;  and  Microsoft 

See  RFID,  page  24 


Professional  (CISSP),  having  passed  the 
International  Information  Systems  Security 
Certification  Consortiums  (ISC2)  exam. 

“I  had  30  years’  experience 
in  data  processing  when  this 
opportunity  came  up,”  Fbm- 
erantz  says.  He  says  the 
CISSP  credential  was  a  criti¬ 
cal  element  for  winning  the 
CSO  job  at  the  Philadelphia 
Stock  Exchange,  where  he 
now  reports  directly  to  CIO 
Bill  Morgan. 

Bernie  Donnelly,  vice  presi¬ 
dent  of  quality  assurance 
and  control  at  the  exchange, 
said  the  CSO  position  was 
created  because  the  Securi¬ 
ties  and  Exchange  Commis¬ 
sion,  which  regulates  all  the 
U.S.  exchanges  and  banks, 
recommended  that  security 
should  be  a  “dedicated  position,  not  a 
shared  position,”  as  it  had  been  for  the 
exchange  in  the  past. 

See  Certification,  page  24 


Some  certifications 
are  hot  some  not 


Philadelphia  Stock  Ex¬ 
change  CSO  Allan  Pomer¬ 
antz  says  critical  certifica¬ 
tions  can  lead  to  career 
advancement  even  when 
the  hiring  outlook  is  bleak. 
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Enterprise  Applications 


Is  letting  go  the  right  way? 


The  DVD  Copy  Control  Association 
says  it  was  just  changing  tactics 
when  it  asked  a  California  state  court 
to  dismiss  its  4-year-old  case  against 
Andrew  Bunner,  whom  the  group  had 
sued  after  he  posted  a  copy  of  DeCSS  on 
his  Web  site.  Maybe  so,  or  maybe  the  asso¬ 
ciation  knew  it  would  lose.  Either  way, 
dropping  the  case  left  a  number  of  issues 
unresolved,  but  1  expect  that  it  won’t  be 
long  before  there  are  other  opportunities 
to  readdress  them. 

In  1999,  Bunner,  a  San  Francisco  pro¬ 
grammer,  posted  a  copy  of  the  DeCSS 
DVD  reading  program  on  his  Web  site. 
Later  that  year  the  DVD  Copy  Control 
Association,  the  keeper  of  the  Content 


Scramble  System  (CSS)  used  to  protect 
DVDs  from  being  read  by  non-approved 
devices,  sued  Bunner  and  a  whole  bunch 
of  other  people  who  had  posted  copies  of 
the  code  or  links  to  the  code.  They  sued 
on  the  basis  that  CSS  was  a  trade  secret 
and,  in  the  words  of  their  FAQ  (www.dvd 
cca.org/faq.html),  “the  code  for  its  algo¬ 
rithms  and  master  keys  —  the  main  ele¬ 
ments  of  its  security  —  were  stolen  and 
posted  on  the  Internet.”  The  algorithms 
and  keys  had  been  revealed  when  the 
not-all-that-good  encryption  used  on 
DVDs  was  cracked  by  a  Norwegian 
teenager.  In  short  order,  thousands  of 
copies  of  the  software  were  posted  to  the 
’Net,  and  the  secret  was  out. 

In  spite  of  the  widespread  availability  of 
the  program,  the  DVD  Copy  Control 
Association  said  the  algorithms  and  keys 
were  still  trade  secrets.  It’s  far  from  clear  to 
me  how  something  so  widely  known  still 
could  be  considered  a  secret  —  that  is  an 
argument  for  lawyers  not  regular  people. 


But  let’s  say  that  the  algorithms  and  keys 
ceased  to  be  trade  secrets  when  they  were 
so  widely  published.  What  does  that  mean 
for  other  trade  secrets  like  the  formula  for 
Coca-Cola?  Would  that  mean  someone 
who  breaks  into  a  Coca-Cola  computer 
and  steals  the  formula  would  escape  pros¬ 
ecution  if  he  posted  the  formula  to 
widely  distributed  Usenet  news  groups? 
That  would  certainly  play  into  the  hands 
of  an  extortionist  because  if  he  does  the 
thing  Coke  fears  the  worst,  he  could  not 
be  prosecuted. 

CSS  was  developed  to  protect  the  copy¬ 
righted  material  on  DVDs.  A  long  and 
detailed  story  in  the  Jan.  25  New  York 
Times  Magazine  attacks  the  U.S.  copyright 
system  created  by  the  copyright  mafia 
and  their  lackeys  in  Congress.  The  story 
“The  Tyranny  of  Copyright?”  (see  www. 
nwfusion.com,  DocFinder:  9523),  looks  at 
the  current  state  of  the  mess  and,  among 
other  things,  discusses  a  proposal  by 
William  Fisher,  director  of  the  Berkman 


www.nwfusion.coml 


Center  for  Internet  and  Society  at  the 
Harvard  Law  School,  that  would  change 
the  basic  concept  of  paying  for  the  use  of 
copyrighted  material.  Fisher’s  idea  is  to  tax 
blank  DVDs  and  some  types  of  computer 
equipment  and  distribute  the  tax  money 
to  copyright  owners  based  on  the  use  of 
their  material. 

Maybe  the  fact  that  DeCSS  will  be  far 
easier  to  find  will  not  be  a  long-term  prob¬ 
lem  for  the  movie  industry  Parts  of  Fisher’s 
concept  already  are  being  implemented 
in  various  parts  of  the  world,  including 
Canada  (DocFinder:  9524),  but  I’m  not 
going  to  hold  my  breath  for  it  to  happen  in 
the  U.S.The  idea  gores  too  many  oxen. 

Disclaimer:  Goring  oxen  is  an  avocation 
for  some  at  Harvard,  but  I’ve  not  talked  to 
Fisher  about  his  idea  recently  (he  might 
be  holding  his  breath  for  all  I  know). 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 


Certification 

continued  from  page  23 

Donnelly  said  the  SEC’s  view 
on  the  need  for  exchanges  to 
have  a  CSO  has  been  shaped  by 
the  Sept.  11,  2001,  attacks,  which 
closed  New  York’s  stock  ex¬ 
changes  for  a  week. 

“Since  9/1 1,  everyone’s  become 
more  security  conscious,”  Don¬ 
nelly  says.  In  his  new  job,  Pomer- 
antz  is  the  point  man  on  security 
matters, meeting  with  SEC  regula¬ 
tors  for  regularly  scheduled  re¬ 
views  of  the  exchange’s  opera¬ 
tions  and  during  any  crisis. 

Getting  job  skills  certifications 
that  are  in  demand,  such  as  the 
CISSP  clearly  pays  off  in  benefits 
and  better  job  security,  according 
to  Foote  Partners,  which  analyzes 
IT  employment  and  compensa¬ 
tion  trends. 

Pump  up  the  base 

“That  certification  is  actually 
worth  money”  says  David  Foote, 
president  and  chief  research  offi¬ 
cer.  In  a  study  the  firm  released 
this  month  based  on  interviews 
of  38,000  IT  professionals  in 
1,820  North  American  and  Euro- 
pean  employers,  the  value  of 
ne  skills  certifications  can  add 
almost  25%  to  an  individual’s 
base  salary. 

“Many  IT  and  business-line 
managers  interviewed  in  our 
most  recent  research  support  the 
notion  [that]  certification  is  a 
more  meaningful  measure  for 
comparing  IT  workers  than 
untested  or  self-reported  skills 
competency"  Foote  says.  “They 
report  higher  comfort  levels  — 


and  success  —  in  arguing  for 
training  expenditures  when  they 
can  guarantee  certifications  in 
return.” 

He  says  some  managers  are 
convinced  that  certification  de¬ 
monstrates  greater  commitment 
to  job  and  career. 

The  hottest  areas  in  skills  certi¬ 
fication  now  are  the  Project  Man¬ 
agement  Professional  certifica¬ 
tion  from  Project  Management 
Institute,  the  Citrix  Certified  En¬ 
terprise  Administrator  credential 
for  managing  Citrix  Servers  and 
the  Linux  Professional  Institute’s 
certifications. 

Certain  Microsoft  credentials, 
such  as  Microsoft  Certified  Trainer 
and  Microsoft  Certified  Solution 
Developer,  are  still  hot,  but  others, 
such  as  Microsoft’s  Certified  Pro¬ 
fessional,  are  not. 

According  to  the  study,  the 
Cisco  Certified  Network  Pro¬ 
fessional  and  Master  Certified 
Novell  Engineer  might  warrant  a 
10%  premium  bonus  over  base 
pay.  But  Siebel  Certified  Consul¬ 
tant,  Cisco  Certified  Network 
Associate  and  Sun  Certified 
Developer/Java  seem  to  have 
lost  the  luster  they  once  had  in 
terms  of  inspiring  bonuses  from 
bosses. 

Security  is  key 

Security  is  an  area  where  cre¬ 
dentials  are  of  tremendous  value, 
Foote  says. 

The  most  appreciated  among 
employers  are  the  Certified 
Information  Systems  Auditor  cer¬ 
tification  from  the  Information 
Systems  Audit  and  Control  Asso¬ 
ciation  (ISACA);  the  CISSP  from 


ISC2,  which  was  a  boon  for 
Pomerantz  at  the  Philadelphia 
Exchange;  and  the  SANS  Insti¬ 
tute’s  Global  Information  Assur¬ 
ance  Certifications,  particularly 
for  Windows  and  Unix. 

ISACA  has  a  new  certification, 
called  the  Certified  Information 
Security  Manager  (CISM),  which 
is  likely  to  compete  with  the 
ISC2’s  CISSP  certification,  Foote 
says.  The  CISM  is  weighted 
toward  business  issues  and  man¬ 
aging  risk. 


RFID 

continued  from  page  23 

Business  Network  software  and 
hosted  services,  a  transaction 
network  that  lets  KiMs  exchange 
business  documents  electroni¬ 
cally  with  its  suppliers  and 
distributors. 

Simple  system 

The  system  is  simple,  according 
to  AMR’s  Montgomery  Microsoft’s 
RFID  middleware  not  only  han¬ 
dles  data  transmission  but  also 
cleanses  the  data  to  remove  dup¬ 
licates  and  reduce  data  flows. 

“It  also  provides  configuration 
automation  for  new  readers, 
checks  the  heartbeat  of  each 
reader,  and  registers  new  readers 
into  the  system,  effectively  mak¬ 
ing  it  a  plug-and-play  system,” 
Montgomery  wrote. 

In  other  RFID-related  news: 

•  Oracle  announced  last  week 
that  it  is  adding  RFID  capabilities 
to  the  next  version  of  its  ware¬ 
house  management  software, 
scheduled  to  be  available  this 


Foote  says  he  expects  to  see  as 
much  as  45%  of  IT  workers  as 
permanent  employees  at  Fortune 
1000  companies  by  2006,  those 
jobs  spun  out  into  a  mix  of  con¬ 
tractors,  consultants,  temporary 
workers  and  outsourcing. The  ris¬ 
ing  cost  of  healthcare  benefits  is 
a  factor  in  employers’  decisions, 
as  is  the  lure  of  less-expensive 
labor  offshore. 

IT  employees  less  likely  to  be 
outsourced  are  the  business  ana¬ 
lyst,  the  data  modeling  special- 


summer.The  software  will  provide 
built-in  integration  with  the  RFID 
middleware  component  in 
Oracle’s  Application  Server  lOg 
and  will  be  compatible  with  RFID 
tags,  readers  and  printing  devices 
from  vendors  including  Alien 
Technology,  Intermec  Technol¬ 
ogies  and  Zebra  Technologies. 


ists,  technology  and  project  man¬ 
agers  and  “the  security  people,  ” 
Foote  says.  He  says  demand  for 
security  professionals  is  strong, 
and  IT  workers  should  consider 
careers  in  this  field.  ■ 
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•  IBM  and  Philips  Electronics 
announced  last  week  they  are 
teaming  to  build  RFID  systems 
that  will  combine  Philips’  radio 
tags  with  IBM’s  computer  ser¬ 
vices  and  systems.  As  part  of  the 
deal,  IBM  will  build  an  RFID  sys¬ 
tem  for  certain  Philips  manufac¬ 
turing  and  distribution  plants.B 


Spending  spree 

Growth  in  spending  on  RFID  hardware,  software  and 
services  for  the  U.S.  retail  supply  chain  will  accelerate 
over  the  next  few  years  before  stalling  in  2008,  according 
to  IDC. 


■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


Sawis  sees  C&W  as 


key  addition 


I  (Together  we’re  going  to  have  a  massive  IP 
infrastructure  company  that. . .  is  unmatched 
in  the  industiyH 

Rob  McCormick  CEO,  Sawis  Communications 


■  BY  DENISE  PAPPALARDO 

Sawis  Communications  sees  its  acquisi¬ 
tion  of  bankrupt  Cable  &  Wireless 
America  as  an  opportunity  not  only  to 
double  its  customer  base  but  to  accom¬ 
plish  something  neither  company  has 
managed  to  do  alone:  turn  a  profit. 

Sawis  was  one  of  seven  companies  to 
bid  on  C&W’s  domestic  assets  in  an  auc¬ 
tion  facilitated  by  the  U.S.  Bankruptcy 
Court  for  the  District  of  Delaware.  C&W 


Takes 

■  Phonom,  a  privately  held 
provider  of  digital  IP  telephony  ser¬ 
vices.  is  deploying  Lucent’s 
Accelerate  products  to  provide 

VoIP  calls  to  customers  in  Dela¬ 
ware,  Maryland,  New  Jersey, 
Pennsylvania  and  Virginia.  Phonom 
also  will  use  the  Lucent  equipment 
to  support  Web  voice  mail  and  a 
Web  portal  to  manage  communica¬ 
tions  and  business  tools.  Phonom 
began  offering  VoIP  services  Jan.  6. 
The  Lucent  products  being  deployed 
include  VoIP  switching  platforms, 
Web-enabled  voice  mail  and  a  unify¬ 
ing  Web  portal  that  lets  consumers 
manage  phone  calls,  e-mails,  voice 
mail,  calendars  and  address  books 
from  a  computer  or  PDA. 

■  MCI  recently  released  financial 
guidance  for  2004  that  indicates 
further  revenue  decline  is  on 

the  way.  The  company,  which  is 
expected  to  emerge  from  bankrupt¬ 
cy  this  month,  says  it  expects  rev¬ 
enue  between  $21  billion  and  $22  bil¬ 
lion  this  year.  The  carrier’s  predicted 
revenue  will  be  10%  to  12%  lower 
than  expected  year-end  2003  rev¬ 
enue,  which  has  not  been  finalized. 
The  figure  is  also  lower  than  MCl's 
last  revised  three-year  plan  esti¬ 
mates  filed  with  the  bankruptcy 
court,  which  estimated  revenue  for 
2004  at  $24.6  billion.  MCI  attributes 
the  further  decline  to  falling  con¬ 
sumer  voice  revenue  and  a  strug¬ 
gling  telecom  market. 


filed  for  Chapter  1 1  protection  in  Decem¬ 
ber.  The  bidders  included  Gores  Tech¬ 
nologies,  which  had  an  asset  purchase 
agreement  in  place  before  C&W’s  bank¬ 
ruptcy  filing.  But  Gores’  bid  of  $125  million 
came  up  short. 

Sawis  is  set  to  pay  $155  million  for  C&W 
and  assume  $12.5  million  in  liabilities. 
Sawis  CEO  Rob  McCormick  says  the 
combined  companies  will  create  the 
largest  managed  IP  service  provider  for 
business  users. 

“The  two  companies  have  enough  scale 
to  be  highly  profitable,”  McCormick  says, 
noting  combined  revenue  of  $700  million. 
“Together  we ’re  going  to  have  a  massive  IP 
infrastructure  company  that  ...  is  un¬ 
matched  in  the  industry!’ 

But  neither  company  is  profitable  today 
Sawis  posted  more  than  $100  million  in 
losses  in  the  first  three  quarters  of  2003. 


■  BY  JIM  DUFFY 

Hammerhead  Systems  last  week  landed 
$25  million  in  additional  financing  to 
advance  the  company’s  vision  for  Layer  2 
multi-service  edge  switches. 

New  investor  Pequot  Ventures  led  the 
round,  which  brings  Hammerhead’s  total 
investor  bankroll  to  $43  million  since 
being  founded  in  January  2002.  Pequot 
General  Partner  Greg  Rossmann  joins 
Hammerhead’s  board  of  directors.  All  of 
Hammerhead’s  first-round  venture  firms 
participated  in  the  Series  B  round,  includ¬ 
ing  Mayfield,  Foundation  Capital  and 
Enterprise  Partners. 

Hammerhead,  which  had  been  in 
stealth  mode,  also  says  its  Layer  2  edge 
switches  are  in  trials  with  an  RBOC  and  a 
“leading  U.S.-based  network  service 
provider”  The  company  would  not  dis¬ 
close  the  identity  of  these  carriers  but 
sources  say  they  are  BellSouth  and  AT&T, 
respectively 

Hammerhead’s  switches  are  intended  to 
help  service  providers  manage  the  transi¬ 
tion  of  their  revenue-rich  legacy  data  ser¬ 
vices  from  an  ATM  core  to  a  Multi-proto¬ 
col  Label  Switching  (MPLS)  core.  The 
company,  like  start-ups  WaveSmith  Net- 


Lack  of  profitability  is  a  key  reason  why 
C&W  ditched  its  American  unit.  Exec¬ 
utives  at  the  company  said  before  filing 
for  bankruptcy  that  C&W  America  was  los¬ 
ing  $1  million  per  day 
C&W  America’s  parent  company  decid¬ 
ed  to  cut  its  losses  in  June  when  the  com¬ 
pany  publicly  stated  it  would  exit  the  U.S. 
market.  That  retreat  came  after  the  com¬ 
pany  invested  $2.9  billion  in  acquiring 


works  and  Gotham  Networks  three  years 
ago,  is  targeting  the  $20  billion  frame  relay 
and  ATM  market,  and  the  blossoming 
Ethernet  opportunity 

Ciena  acquired  WaveSmith  after  Wave- 
Smith  landed  a  deal  at  SBC  and  showed 
promise  in  Verizon’s  next-generation  Layer 
2  multi-service  edge  trials.  Gotham  went 
out  of  business. 

“Service  providers  are  still  in  the  early 
stage”  of  this  transition,  says  Mark  Bie- 
berich,  an  analyst  at  The  Yankee  Group. 
“The  percentage  of  traffic  migrated  to 
MPLS  is  still  in  the  single  digits.The  migra¬ 
tion  is  still  a  technical  challenge.”® 
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Learn  why  start-ups  are  the  only  companies  targeting 
the  next-generation  Layer  2  edge. 
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MCl’s  Internet  backbone  in  1998,  as  well 
as  content  delivery  network  provider 
Digital  Island  and  Web  hosting  provider 
Exodus  in  2001. 

While  C&W  had  a  hard  time  combining 
these  assets  with  its  legacy  data  business, 
McCormick  says  C&W  America  is  a  “huge 
opportunity  for  us.” 

Sawis’  assets  include  an  IP  network  that 
spans  110  cities  in  45  countries,  six  man¬ 
aged  data  centers,  800  employees  and 
4,700  business  customers. 

The  service  provider  takes  over  C&W’s 
entire  U.S.  backbone  network,  15  Web 
hosting  data  centers,  1,160  employees  and 
reportedly  5,000  business  customers. 

“We  do  not  have  plans  to  further  down¬ 
size  [C&W]  ”  McCormick  says.  “But  there 
will  be  some  consolidation  between  the 
two  companies  in  back-office  functions 
over  time.” 

The  company  has  not  mapped  out  when 
or  where  it  will  make  cuts. 

“We  do  know  that  the  savings  we’re  look¬ 
ing  for  come  from  combining  things  like 
our  backbone  networks  and  [points  of 
presence] .  We’ll  go  through  a  city-by-city 
analysis  to  figure  out  who  has  the  right 
POP  and  where,”  McCormick  says. 

Both  companies  also  offer  IP  VPN  ser¬ 
vices,  which  Sawis  continues  to  support. 
Sawis’  IP  VPN  service  runs  over  its  “pri¬ 
vate”  IP  backbone,  which  is  not  part  of  the 
Internet.  C&W  offers  two  IP  VPN  services, 
one  based  on  IP  Security  and  the  other  on 
Multi-protocol  Label  Switching.  Both  run 
over  C&W’s  IP  network,  which  is  part  of 
the  Internet. 

McCormick  also  says  the  deal  is  good  for 
both  Sawis  and  C&W  customers. 

“We  don’t  do  [network]  design  work  or 
upfront  consulting, and  [C&W]  has  a  very 
established  practice  in  those  areas,”  he 
says.“0ur  customers  will  have  immediate 
access  to  their  consultative  services." 

Sawis  also  has  shied  away  from  offering 
collocation  services  because  of  its  limited 
data  center  space.  But  that  has  been  a  big 
part  of  C&W’s  Web  hosting  business.  S 
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Regulation  and  the  ’Net:  Where  we’re  headed 


I’ve  said  it  before,  but  the  pundits  in  the 
1990s  were  right:  Convergence  changes 
everything.  The  vanishing  distinction 
between  voice  and  data  has  precipitated  a 
massive  overhaul  of  technical  infrastruc¬ 


ture,  as  IT  executives,  vendors  and  service 
providers  are  keenly  aware. 

Less  obvious  —  but  potentially  even 
more  far-reaching  —  is  the  resultant  sea 
change  in  our  legal  and  regulatory  infra- 
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Technology  for  Life  Sciences  &  Healthcare 

BioJT  World 

CONFERENCE+EXPO 


Bio*IT  World  Conference  +  Expo™  will  enable  you  to 
discover  the  latest  technology,  network  with  industry  leaders 
and  learn  how  to  accelerate  your  research  and  development 
through  the  use  of  IT,  informatics  and  life  science 
technologies  across  the  entire  life  sciences  R&D  value  chain. 


Conference:  March  30  -  April  1, 2004 
Expo:  March  30  -  April  1, 2004 
Hynes  Convention  Center  •  Boston,  MA 
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Benefit  from  these  exciting,  new  event  highlights: 


Technology  for  Health  care 


®  <  Health  IT  World  —  a  special  co-located  Conference  +  Expo  dedicated 


A 

A  " ™“lc,i  ^xpo  Wl  ,U  t0  t*ie  enabling  technologies  in  outcomes-based  medicine, 
y  conference. expo  healthcare  informatics,  IT  infrastructure  and  healthcare 

management  systems 

<•)  Expanded  &  In-Depth  Education  —  developed  in  conjunction  with  leading  industry 
partners:  Bio-IT  World  magazine,  Thomson  CenterWatch,  Medical  Records  Institute  (MRI) 
and  IDG  Ventures 

Ernst  &  Young  Venture  Summit  —  hosted  by  IDG  Ventures 

®  Technology  Showcase  Demonstrations  —  learn,  evaluate  and  compare  products  in 
this  interactive  setting 

@  Focused  Workshops  —  providing  a  detailed  and  topic-centric  learning  experience 

®  Biotech  Tuesday  Networking  Event 
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Exceptional  Keynotes 


DR.  GEORGE  POSTE 
CEO,  Health  Technology 
Networks 

(former  R&D  head,  SKBJ 


DR.  SUSAN  L  LINDQUIST 
Director,  Whitehead  Institute 
for  Biomedical  Research, 

Professor  of  Biology,  MIT 


MICHAEL  C.  RUETTGERS 

Executive  Chairman 

EMC 


VICE  ADMIRAL  RICHARD 
H.  CARMONA.  M.D..  M.P.H., 
F.A.C.S.  (INVITED) 

United  States  Surgeon 
General  Commander  USPHS 
Commissioned  Corps,  U.S.  Dept, 
of  Health  and  Human  Services 

STEVEN  H.  HOLTZMAN 

Founder;  President  &  CEO 

Infinity  Pharmaceuticals 
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www.bio-itworldexpo.com 

SPONSORSHIP  &  EXHIBITING  OPPORTUNITIES  ARE  NOW  AVAILABLE 

Please  call  Don  Rosette  at  508-424-4854  or  don  rosette@idg.com  for  more  information. 


structure.  Make  no  mistake,  over  the  next 
five  years,  entire  industries  will  emerge  or 
vanish  because  of  these  changes. 

Here’s  a  sampling,  and  over  the  next  few 
months  we’ll  revisit  each  in  detail. 

First  and  foremost  is  the  question  of 
access  charges  for  IP  telephony  services.  In 
a  claim  under  review  by  the  FCC,  AT&T 
says  it  doesn’t  owe  access  fees  to  terminat¬ 
ing  telcos  on  calls  carried  mostly  over  the 
Internet. 

In  a  separate  but  related  case,  the  FCC  is 
reviewing  whether  peer-to-peer  software 
companies  such  as  Skype  and  Free  World 
Dialup  are  considered  telcos  (and  thus 
liable  for  access  fees),  or  whether  they’re 
online  service  providers  such  as  AOL. 
Decisions  on  both  cases  are  due  this  year. 

What’s  at  stake  is  the  future  of  telecom¬ 
munications. 

The  FCC  is  widely  expected  to  find 
against  AT&T  and  in  favor  of  the  peer-to- 
peers.  Such  a  decision  is  tantamount  to 
imposing  a  multi-billion-dollar  tax  on  own¬ 
ing  or  interconnecting  to  the  public 
switched  telephone  network  —  and  it 
spells  curtains  for  the  long-distance  voice 
industry  (Ever  notice  how  when  you  tax 
something  there’s  a  lot  less  of  it,  especially 
when  an  equivalent  is  available  tax-free?) 

A  second  major  issue  has  to  do  with  the 
right  to  privacyAs  voice  becomes  data  and 
encryption  proliferates,  companies  in¬ 
creasingly  are  encrypting  traffic  via  Secure 
Sockets  Layer  and  IP  Security  and  law  en¬ 
forcement  agencies  are  demanding“digital 
wiretapping’’  capabilities.  Essentially  to  be 
sure  of  access  to  potential  bad  guys,  de¬ 
cryption  solutions  need  access  to  all  traf¬ 
fic,  which  amounts  to  having  a  potential 
government  wiretap  in  every  switch  or  soft¬ 
ware  application,  waiting  to  be  activated. 

Whether  you  consider  this  a  major  issue 
depends  on  how  much  you  trust  the  gov¬ 
ernment.  Personally,  while  I’ve  seen  govern¬ 
ment  do  a  lot  of  good  things,  its  track 
record  on  privacy  is  mixed  at  best.  So  while 
I  recognize  that  law  enforcement  has  a 
need  to  pursue  suspected  criminals,  I’m 
leery  of  many  of  the  initiatives. 

Speaking  of  privacy  here’s  an  update  on 
the  fileswapping  wars.  You’ll  recall  that 
SBC,  Verizon  and  other  independent  local 
exchange  carriers  (ILEC)  successfully  peti¬ 
tioned  a  federal  appeals  court  to  force  the 
Recording  Industry  Association  of  America 
(R1AA)  to  obtain  judicial  approval  for  its 
subpoenas  against  illegal  file  sharing. 

Well,  the  RIAA  is  doing  just  that,  and  this 
time,  if  the  judges  agree,  the  ILECs  must 
comply  But  take  note  that  bands  and  their 
managers  finally  are  waking  up  to  the  con¬ 
cept  of  cutting  out  the  middleman  and 
beginning  to  use  the  Internet  to  go  directly 
to  listeners.  My  prediction  is  the  RIAA  will 
win  this  battle  but  lose  the  war  —  and 
musicians  will  come  out  ahead  in  the  end. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Virtual  call  centers  create  new  jobs 


■  Feb.  6  marks  the  first  Stop 
Commuting  Day  in  Barrie,  Ontario. 
A  bedroom  community  60  miles  from 
Toronto,  Barrie  was  chosen  by 
SuiteWorks  as  the  site  of  its  first 
telework  center,  a  120-seat  facility 
that  will  offer  Barrie's  31,500  com¬ 
muters  a  local  workplace  alternative. 
For  the  event,  Barrie  Mayor  Rob 
Hamilton  is  asking  employees  to  try 
telework  for  one  day  and  has  drafted 
a  stay-at-home  permission  letter  for 
workers  to  give  to  their  employers. 
Barrie  commuters  spend  on  average 
three  hours  per  day  in  their  cars, 
which  emit  14  tons  of  carbon  dioxide 
into  the  atmosphere  each  year, 
according  to  Hamilton.  The  first 
SuiteWorks  center  is  expected  to 
open  this  fall.  The  company  plans  to 
open  others  in  Canada  and  the  U.S. 
next  year. 

■  Netgear  last  week  announced  a 
new  security  router,  the  FVS328 
Cable/DSL  ProSafe  VPN  Firewall 
with  Dial  Back-up.  The  eight  port 
Layer-3  switch  supports  50  simulta¬ 
neous  VPN  tunnels  and  works  with 
Netgear’s  ProSafe  client  software, 
sold  separately.  The  device  will  sup¬ 
port  the  software's  VPN  Wizard  —  a 
setup  utility  for  easy  configuration  of 
VPN  tunnels  and  router  settings  — 
via  a  firmware  upgrade  available  in 
the  coming  months. The  ProSafe 
VPN  costs  $278. 

■  SonicWall  last  week  announced  an 
entry-level,  rack-mounted  security 
appliance  aimed  at  small  to  midsize 
businesses  with  50  or  fewer  locations. 

The  SonicWall  Pro  2040  includes  10 
Global  VPN  Client  licenses  and  boasts 
firewall  performance  of  up  to  200M 
bit/sec.  The  device  supports  Sonic- 
Wall's  higher-end  security  features, 
such  as  anti-virus  and  content  filter¬ 
ing,  and  distributed  management 
through  the  company's  Global  Man¬ 
agement  System.  Optional  upgrades 
via  SonicOS  2.1  Enhanced  include 
WAN-WAN  failover,  load  balancing, 
and  object-  and  policy-based  manage¬ 
ment.  Available  next  month,  the  appli¬ 
ance  is  expected  to  cost  about  $2,000. 


With  many  U.S.  jobs  being  lost  to 
overseas  outsourcers,  companies 
creating  jobs  here  are  getting  atten¬ 
tion.  Virtual  call  centers  —  outsourc¬ 
ing  firms  that  provide  phone  sup¬ 
port  using  home-based  workers  — 
are  breaking  out  of  niche  markets 
and  winning  big  clients  in  the  gov¬ 
ernment  and  mass-market  retail  sec¬ 
tors.  They’re  also  providing  jobs  for 
disabled  workers  who  can  7  manage  the  long  hours  or 
commute.  Reg  Foster,  chairman  and  CEO  of  Denver 
start-up  Alpine  Access,  recently  met  with  Net.  Worker 
Managing  Editor  Toni  Kistner  and  shared  his  vision  for 
this  new  and  growing  industry. 


You've  seen  some  surprising  growth  this  year.  Can  you  elaborate? 

Last  year  we  had  success  in  the  direct  retail  TV  market  — 
you  know,  infomercials  that  run  in  the  middle  of  the  night. 
Those  companies  are  a  good  fit  because  they  need  a  lot  of 
agents  for  short  bursts  of  time,  when  that  phone  number 
flashes  onscreen.  Unlike  traditional  call  center  agents  who 
work  set  hours  in  an  office,  our  agents  can  just  log  on  to 
the  system  and  work  an  hour  or  two  when  needed.  So  in 
2003,  we  expected  two  or  three  new  DRTV  clients,  but 
instead  gained  15  just  between  May  and  September.  A  few 
dropped  out  but  we  still  retained  nine. 

What  changes  did  you  make  to  accommodate  the  increase? 

We’ve  just  spent  $4.8  million  to  pursue  new  markets  and 
to  beef  up  the  security  and  redundancy  of  our  call  center 
network.  We  now  have  two  collocation  centers  that 
failover  to  each  other,  situated  on  opposite  ends  of 
Denver.  Our  next  step  is  to  separate  them  by  about  500 
miles.  As  we  double  in  size,  then  double  again  this  year, 
we’re  scheduling  enhancements  to  accommodate  the 
volume. 

You’ve  also  broken  into  some  new  markets? 

We’re  gearing  up  to  announce  two  huge  customer  wins 
—  a  very  large  and  well-known  government  agency  and 
a  mass-market  retailer.  Both  are  big  breakthroughs  for  us. 
In  educating  organizations  about  the  value  of  virtual  call 
centers,  the  challenge  is  getting  that  first  client  reference 
in  a  new  market.  Nobody  wants  to  be  first,  but  once  you 
get  one,  others  follow. There’s  a  ‘me  too’  mentality. 

Tell  me  about  the  government  client 

[This  month], we’ll  formally  announce  that  the  govern¬ 
ment  agency  will  begin  using  our  agents  to  answer  calls 
from  citizens  requesting  forms  and  publications.  Because 
the  agency  is  so  big,  we  plan  to  hire  1,000  new  part-time 
employees  in  addition  to  the  3,000  we  currently  have. 


■ 

PROFILE: 

I  ALPINE  ACCESS 

Location: 

Golden,  Colo. 

Details: 

Founded  in  1998  and  privately  held,  the 
virtual  call  center  company  provides 
phone,  Web  and  e-mail  support  for 
clients  using  home-based  agents 
working  over  the  Internet. 

Number  of 
employees: 

3,000  part  time;  plans  to  hire  1,000  this 
month.  Most  employees  reside  in  the 
Denver  and  Salt  Lake  City  areas;  new 
hires  will  be  recruited  nationwide. 

News: 

A  government  agency  has  contracted 
with  Alpine  to  provide  phone  support 
using  primarily  disabled  workers  under 
the  Javits-Wagner-O’Day  Act.  Enacted 
in  1938,  JWOD  lets  the  disabled  work 
through  community-based  organizations 
to  provide  goods  and  services  to  the 
federal  government. 

Fast  fact: 

A  recent  Jupiter  Media  report  found 
39%  of  call  center  executives  who  are 
evaluating  virtual  call  center  systems 
plan  to  use  home-based  agents  within 
two  years. 

How  did  you  convince  the  agency  to  go  with  Alpine  Access? 

That  we  provide  at-home  jobs  turned  out  to  be  a  key  fac¬ 
tor.  The  agency  is  funding  this  project  through  the  Javits- 
Wagner-O’Day  Act,  which  encourages  agencies  to  reinvent 
work  so  disabled  workers  can  perform  it.  About  80%  of  the 
1,000  new  employees  we  hire  will  be  disabled. 

Will  you  hire  employees  outside  the  Denver  area? 

This  month  we  begin  hiring  nationwide. This  gives  us 
access  to  new,  lower-cost  labor  markets.  Once  we  have  a 
few  new  employees  on  board,  we’ll  get  what  we  call  the 
cul-de-sac  effect  —  new  hires  spread  the  word,  and  before 
long  the  whole  neighborhood’s  working  for  us. 

And  the  mass-market  retailer? 

I  can’t  name  names.  Like  most  retail  clients,  the  company 
doesn’t  want  you  to  know  it  outsources  customer  service. 

There's  been  so  much  buzz  about  the  U.S.  losing  jobs  overseas. 
Your  company  and  others  offer  a  way  to  keep  jobs  here.  Are  peo¬ 
ple  beginning  to  make  the  connection? 

On  TY  Lou  Dobbs  has  been  slamming  companies  every 
night  for  outsourcing  jobs;it’s  only  a  matter  of  time  before 
the  press  and  commercial  entities  start  seeking  alterna¬ 
tives,  and  that  should  lead  them  to  us.  And  we’ll  probably 
see  the  issue  taken  up  by  the  Democrats  in  the  presiden¬ 
tial  campaign.* 


Gigaboost  Your 
10/100  Network 


Gigabit  10/100/1000  for  your  workgroups  is  more  affordable  than  ever. 
Why  wait  to  make  the  move?  Whether  you  need  Gigabit's  lOx  perform¬ 
ance  boost  now  or  are  looking  to  future-proof  your  network,  3Com® 
Gigabit  switches  deliver  blistering  LAN  performance  at  prices  that  can't 
be  overlooked. 

3Com  Gigabit  is  easy  to  install  and  support,  and  scales  from  the  small  office 
to  the  large  enterprise. 

On  the  same  cabling  as  10/100  switches,  Gigabit  is  designed  to  work  “as  is" 
with  older  PCs  without  upgrades,  yet  is  ready  for  the  newest  desktops  and 
servers  that  ship  with  built-in  Gigabit  ports. 


Baseline  Switch 
2816  and  2824 


3Com  invented  Ethernet  30  years  ago  and  is  a  leader  in  end-to-end  Gigabit 
to  the  desktop  today.  Visit  www.3com.com/gigabit  today  to  learn  more. 


SuperStack™  3 
Switch  3812 
and  3824 


To  find  a  reseller  nearest  you,  go  to:  www.3com.com/locate_reseller 

I rDwJ  Insight  PC  Connection'  PCMs^H 

< _ ^  Whatever  IT  takes  L/ 


■  Restrict'  ns  Sweepstakes  is  open  to  employees  of  end  user  companies  in  the  United  States  (excluding  Puerto  Rico)  No  Purchase  Necessary.  Purchase  Will  Not  Increase  Chances  Of  Winning.  Prize  valued  at  $5,000 
(USD’  Odds  of  winning  depend  on  number  of  entries.  Subject  to  Official  Rules.  For  rules  and  entry  details  visit  www.3com.com/shop.  Ends  5/31/04.  Void  where  prohibited.  This  promotion  may  be  altered  or  can¬ 
celed  at  any  time. 

Copyrignt©  ?003.  3Com  Corporation.  All  rights  reserved  3Com,  the  3Com  logo,  OfficeConnect  and  SuperStack  are  registered  trademarks  of  3Com  Corporation.  All  other  product  names  may  be  trade¬ 
marks  or  registered  trademarks  of  their  respective  companies. 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


ppliance  streamlines  security 


HOW  IT  WORKS 


Application  security  gateway 

An  application  security  gateway  intercepts  and 
inspects  Layer  7  traffic  to  protect  applications  from 
being  attacked  or  misused. 


HTML  and  XML  traffic 


Web  server 
^  running  HTML 


© 

Server  application 
gateway 


Database 


Web  server 
running  XML 


Application  infrastructure 

O  A  browser  sends  a  request  to  a  protected  HTML  or  XML 
Web  server  and  initiates  an  application  session. 

©  If  the  request  is  encrypted  with  Secure  Sockets  Layer  (SSL),  the  gateway  decrypts  the  request. 
The  gateway  terminates  the  application  session  and  parses  the  application  data  to  determine  if 
it  is  a  valid  request.  If  the  request  is  allowed,  the  gateway  translates  the  external  URL  to  the 
corresponding  internal  URL. 

©  The  gateway  multiplexes  the  request  with  other  requests  and  sends  it  to  the  Web  server. 

©  The  HTML  or  XML  Web  server  processes  the  request  and  serves  up  a  response. 

©  The  gateway  translates  the  internal  URL  to  the  corresponding  external  URL,  parses  the  application 
data  to  verily  that  it  is  a  valid  response  and  blocks  incorrect  application  behavior. 

©  For  SSL  transactions,  the  gateway  encrypts  the  Web  server  response  and  sends  it  to  the  browser. 


■  BY  GREG  SMITH 

The  increasing  sophistication  of  applica¬ 
tion-layer  attacks  and  growth  in  application 
traffic  volume  have  led  companies  to 
deploy  a  single-purpose  security  and  ac¬ 
celeration  devices  in  their  networks. These 
include  application  firewalls  to  protect 
HTTP  and  HTTPS  traffic;  Secure  Sockets 
Layer  accelerators  to  perform  encryption 
and  decryption;  proxy  servers  for  translat¬ 
ing  sensitive  internal  URLs  and  concealing 
platform  information;  and  I/O  accelerators 
to  manage  the  setup  and  tear-down  of  TCP 
connections. 

Because  Web  services,  are  vulnerable  to 
many  of  the  same  attacks  as  HTML  appli¬ 
cations,  IT  departments  are  faced  with  the 
prospect  of  deploying  yet  another  single¬ 
function  device  to  protect  XML  traffic.  In 
response,  application  security  gateways 
have  emerged.  These  appliances  protect 
HTML  and  XML  applications,  and  perform 
additional  security  and  networking  func¬ 
tions  currently  handled  by  single-purpose 
products. 

Application  security  gateways  let  organi¬ 
zations  reduce  the  number  of  devices  in 
their  networks.The  consolidation  improves 
overall  application  performance  by  mini¬ 
mizing  the  number  of  hops  traffic  must 
make  before  reaching  the  Web  server. 
Fewer  devices  and  security  policies  to 
manage  decreases  operating  costs. 

An  application  security  gateway  which 
operates  at  Layer  7,  intercepts  and  inspects 
traffic  before  it  reaches  and  after  it  leaves  a 
Web  server.  It  verifies  that  each  user  request 
and  server  response  adheres  to  the  para¬ 
meters  and  structure  that  define  correct 
behavior  for  the  application  language 
(HTML  or  XML). 


Because  an  application  security  gateway 
predefines  what  is  appropriate,  any  devia¬ 
tion  from  correct  application  behavior  is 
immediately  blocked.  For  example,  once  a 
user  has  landed  on  the  home  page  of  a 
Web  site,  an  application  security  gateway 
will  block  requests  to  URLs  that  have  not 
been  presented  to  a  user.This  defeats  force¬ 
ful  browsing  attacks,  which  attempt  to  gain 
unauthorized  access  to  protected  applica¬ 
tion  resources  and  files. 

In  addition  to  their  core  HTML  and  XML 


application  protection  capabilities,  appli¬ 
cation  security  gateways  can  perform  the 
following  functions: 

SSL  acceleration:  Decrypts  and  analyzes 
SSL  traffic  to  prevent  hackers  from  disguis¬ 
ing  attacks  within  encrypted  payloads.  Per¬ 
forming  SSL  acceleration  within  the  gate¬ 
way  dramatically  improves  throughput  and 
response  times  by  relieving  the  Web  server 
of  these  compute-intensive  operations. 

Business  object  protection:  Analyzes  out¬ 
bound  application  traffic  to  identify  sensi¬ 


tive  information  such  as  credit  card,  Social 
Security  and  account  numbers,  and  pre¬ 
vent  them  from  being  extracted  from  a 
Web  application  or  back-end  database. 

Web  I/O  acceleration:  Improves  applica¬ 
tion  performance  and  response  times  by 
offloading  TCP  connection  setup  and  tear- 
down  operations  from  the  Web  server.  The 
application  security  gateway  terminates  all 
inbound  client  connections  and  multiplex¬ 
ing  them  into  a  small  set  of  persistent  con¬ 
nections  back  to  the  Web  server. 

Application  cloaking:  Prevents  hackers 
from  collecting  sensitive  information  about 
a  Web  server,  database,  operating  system, 
internal  domain  naming  and  the  like. 
Multilayer  cloaking  denies  hackers  valu¬ 
able  information  often  gathered  to  exploit 
existing  vulnerabilities. 

Application  proxy:  The  bidirectional 
translation  of  URLs  lets  corporations  pub¬ 
lish  user-friendly  and  consistent  URLs 
regardless  of  the  internal  URL  naming 
structure.  For  example,  a  bank  can  present 
its  online  customers  with  URLs  such  as 
www.mybank.com/checking  when  the 
internal  URL  being  accessed  is  a  long,  cryp¬ 
tic  string  of  characters. 

Defacement  protection:  Detects  even  the 
slightest  change  to  a  Web  page  and  blocks 
the  defaced  page  from  being  served  to 
visitors. 

Application  security  gateways  provide  a 
single  integrated  line  of  defense  for  HTML 
and  XML  applications,  and  eliminate  multi¬ 
ple  single-purpose  devices  to  deliver  faster 
application  performance  and  lower  man¬ 
agement  costs. 

Smith  is  senior  director  of  product  market¬ 
ing  for  Teros.  He  can  be  reached  at 
greg.  smith  @ teros.  com. 


d^ihiup  By  Steve  Blass 

In  last  week's  column  you  discussed  converting 
comma-delimited  files  to  XML  What  about  convert¬ 
ing  XML  to  a  readable  format9 

At  first  glance  this  looks  like  an  easy  problem  to 
solve  using  XML  Stylesheet  Language  Transform¬ 
ation  (XSLT).  We  match  the  document  root  with 
<xsl:template  match=’7">  and  walk  through  the 
rows  of  CSV  data  records  and  columns  of  data 
fields  printing  the  contents  of  each  field  followed 


by  a  comma,  with  line  breaks  between  records  as 
follows:  <xsl:for-each  select="record">  <xslrfor- 
each  select- '*">  <xsl:apply-templates  />, 
</xsl:for-each></xsl:for-each><br/x/xsl:for- 
eachx/xsl:temp!ate>.  For  more  examples  using 
this  kind  of  approach,  search  the  Web  for  'xml2csv.' 
Converting  XML  to  CSV  can  help  you  get  started 
with  XSLT.  To  convert  large  numbers  of  files  or 
complex  XML  files,  check  out  tools  such  as  XML- 
Spy  for  their  file  Import/Export  features.  One  rea¬ 


sonably  robust  and  free  )(ML-to-CSV  converter  is 
in  a  utilities  package  named  Poof!  at  www.kilowatt 
software.com.  The  program,  a  Windows  command¬ 
line  utility  named  xml2csv,  reads  XML  files  then 
lists  the  column  fieldnames  in  the  file  or  writes  the 
CSV  file,  with  or  without  column  headers. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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Complex  Flash  programming  well  worth  the  effort 


6EARHEAD 
INSIDE  THE 
HOWGfiK 
mmni 

Mark 

Gibbs 


Last  week  we  broached  the  topic  of 
Macromedia’s  Flash  system  and  dis¬ 
cussed  the  basics  Of  creating  anima¬ 
tions.  if  that  were  all  you  could  do  with 
Flash,  the  results  would  be  pretty  cool,  but 
add  programmability  to  that  and  the  results 
can  be  fantabulous! 

Programming  in  Flash  is  the  province  of 
ActionScript,  Macromedia’s  homegrown 
language  that  owes  much  of  its  design  to 
JavaScript  (more  accurately,  it  is  based  on 
ECMAscript).  But  it  differs  from  JavaScript 
in  five  main  areas. 

First,  its  document  object  model  is  very 
different  from  that  of  JavaScript  (see  www. 
nwfusion.com,  DocFinder:  9527).  Instead 
of  the  objects  you’d  find  in  a  browser  envi¬ 
ronment,  you  have  a  top-level  object 
named  Flash,  under  which  are  nine  child 
objects,  including:  Document,  an  array  of 
all  the  open  documents;  Effect,  descriptors 
of  effects  such  as  brightness  and  tint;  Math 
(need  we  spell  this  one  out?);  and  XMLUI, 


for  custom  dialog  boxes  written  in  a  subset 
of  the  XML  User  Interface  Language  (see 
www.xulplanet.com). 

Second,  there  are  a  few  JavaScript  state¬ 
ments  that  are  not  supported  in  Action- 
Script,  including  the  switch  statement  and 
exception  handling  (try/catch/throw). 

Third,  ActionScript  supports  some  state¬ 
ments,  such  as  event  handlers  and  mes¬ 
sage  sending,  that  don’t  exist  in  JavaScript. 

Fourth,  under  ActionScript  the  evaluation 
function  evaluates  only  variable  references 
rather  than  evaluating  strings  that  represent 
arithmetic  expressions  as  JavaScript  does. 

And  fifth,  ActionScript  supports  only  a 
subset  of  some  of  the  built-in  JavaScript 
objects  such  as  Date  and  String,  and  their 
methods  and  properties. 

So  there  you  have  it,  better  and  worse.  Be 
that  as  it  may . .  .the  result  is  a  rich, complex 
language  that  any  self-respecting  Java¬ 
Script  programmer  would  take  one  look  at 
and  say  “Groovy  it  will  cost  you  double” . . . 
but  would  be  able  to  handle  immediately 

The  first  version  of  the  language,  Action- 
Script  1.0,  was  superseded  by  ActionScript 
2.0,  which  introduced  improvements. And 
ActionScript  2.0  has  been  benchmarked 
to  be  three  to  seven  times  faster  than 
Version  1.0. 


As  much  as  we’d  like  to,  we  won’t  go  into 
the  language  basics,  because  it  would  take 
far  too  many  columns  to  make  a  real  dent 
in  the  topic.  Instead  we  would  refer  you  to 
“Introducing  ActionScript”  (DocFinder: 
9528),  an  excerpt  from  Macromedia  Flash 
MX  2004  ActionScript:  Training  from  the 
Source  by  Derek  Franklin  and  Jobe  Makar, 
and  Macromedia’s  online  “ActionScript 
Basics”  (DocFinder:  9529)  and  “Introduc¬ 
tion  to  ActionScript  2.0”  (DocFinder:  9530). 

The  ActionScript  programming  environ¬ 
ment  is  part  of  the  Rash  MX  development 
system  based  on  the  concepts  of  a  “stage” 
and  a  “timeline,”  as  we  discussed  last  week. 
This  is  where  you  create  media  elements 
by  assembling  them  on  the  stage  and 
arranging  them  on  the  timeline  to  create  a 
movie  clip. 

The  Flash  development  environment 
includes  a  sophisticated  script  editor.  This 
has  two  modes:  basic,  which  lets  you  con¬ 
struct  scripts  by  picking  actions  from  a 
predefined  list  that  you  then  customize  by 
dialog  choices  that  provide  lots  of  help  in 
defining  the  code;  and  advanced,  which 
provides  a  free-form  text  editor  with  key¬ 
word  coloring  and  a  lot  less  interference 
from  the  help  system.  Scripts  are  tested  in 
the  Flash  development  environment,  and 


there’s  a  script  debugger  to  watch  variables 
and  object  properties,  set  breakpoints  and 
trace  statement  execution. 

Remember  that  Flash  movies  consist  of  a 
sequence  of  frames  and  that  frames  can  be 
layered  with  separate  graphical  elements 
on  each  layer?  Well,  frames  also  can  have 
scripts  attached  to  layers  within  them  but 
you  have  to  be  careful,  as  only  the  upper¬ 
most  layer’s  script  will  be  executed  in  a 
given  frame.  Most  developers  assign  a  layer 
specifically  for  scripts  to  avoid  confusion 
and  errors. 

So  now  we  would  like  to  show  you  the 
obligatory  “Hello  World”  example  in 
ActionScript,  except  it  is  rather  tricky 
because  the  entire  ActionScript  paradigm 
is  so  graphics-based  that  we’d  have  to 
resort  to  death  by  screenshots. 

The  bottom  line  is  that  ActionScript  is  a 
complex  language  but  the  complexity  is 
worth  coming  to  grips  with  —  you’ll  find 
that  creating  rich  media  Flash  movies  is 
much  easier  than  creating  similar  effects 
in,  say  Java,  Dynamic  HTML  or  Visual  Basic, 
so  there  is  an  immediate,  upfront  cost 
advantage. 

Next  week  well  wrap  up  Flash.  Expose 
yourself  to  gearhead@gibbs.com. 


Cool 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Iomega  stylizes  its  USB  flash  drives 

Techies  probably  don’t  see  the  need 
to  jazz  up  devices,  as  we  generally  see 
the  value  of  the  technology.  But  to  lure 
others,  sometimes  you  have  to  make 
things  stylish. 

Iomega  recently  did  just  that  with  its 
new  Micro  Mini  USB  2.0  drive,  a  flash 
drive  that  can  store  up  to  128M  bytes 
of  data,  for  transferring  or  storing  pho¬ 
tos,  music,  video  clips  and  the  like.You 
also  can  store  Microsoft  Word  docu¬ 
ments  and  spreadsheets,  but  where’s  the  fun  in  that? 

The  new  drive  offers  USB  2.0  compatibility  for  faster 
transfers  and  weighs  about  0.3  ounces.  Other  cool  fea¬ 
tures  include  a  dog-tag  lanyard  (for  the  128M-byte  ver¬ 
sion)  and  snap-on  caps  in  three  colors.  For  computers 
with  Windows  2000  and  above,  Mac  OS  9  and  above,  or 
Linux  2.4.1,  there  are  no  drivers  to  install  when  connect¬ 
ing  to  a  computer. 

What’s  more  interesting  about  this  drive  is  it  supports 
..  mega's  Active  Disk  software  programs,  which  are 
designed  to  launch  automatically  when  a  device  is 
plugged  into  a  PC.  Programs  run  off  the  device  and  data 
is  stored  on  it,  so  no  trace  of  the  activity  is  left  on  the  PC 
after  tin  user  unplugs  the  device. 

The  Micro  Mini  USB  2.0  drive  (64M-byte  version)  costs 


Iomega's  Micro  Mini  USB  2.0  drive  can 
hold  as  much  as  128M  bytes  of  photos, 
music  or  other  data  to  be  transferred. 


about  $50  and  is  available  now  online.  The  128M- 
byte  version  is  scheduled  to  be  available  next 
month  for  about  $70,  Iomega  says. 

Scan  and  e-mail  in  one  swift  motion 

Imagine  putting  a  document  through  a  scanning 
device  and  automatically  hav¬ 
ing  the  document  transformed  into 
Word  or  PDF  file  that  then  gets  sent  as 
an  e-mail  (sounds  great  for  contracts). 
That’s  the  idea  behind  Lexmark’s  new 
Workgroup  OCR  Solution,  which  the 
company  launched  last  week  along 
with  the  new  X422,  a  multifunction 
printer  aimed  at  workgroups,  branch 
offices,  and  small  and 
midsize  businesses. 

The  X422  will  be 
available  next 
month  for  about 
$1,480,  Lexmark 
says. 

The  Workgroup 
OCR  Solution  (sold  separately  and  com 
patible  with  other  Lexmark  multifunction 
printers)  lets  users  insert  a  hard  copy  of  a 
document  into  a  multifunction  printer  and 
type  in  an  e-mail  address,  after  which  a  PDF 
or  Word  document  is  sent  automatically. 

The  X422  includes  printing,  color  scan¬ 
ning,  faxing  and  copying  features,  at  speeds 
up  to  22  pages  per  minute.  It  also  includes  a 
50-sheet  automatic  document  feeder  and 
Super  G3  fax  capabilities. 

NEC-Mitsubishi  updates  its  19-inch  LCD 
monitor 

NEC-Mitsubishi  Electronics  Display 


The  NEC-Mitsubishi  1960NXi  thin-frame 
monitor  automatically  adjusts  for  best 
viewing  when  it  is  turned  on. 


America  last  week  announced  a 
new,  thin-frame,  19-inch  LCD  monitor 
for  its  60  Series  line.  The  1960NXi, 
priced  at  about  $710,  includes  screen  enhancements,  on¬ 
screen  monitor  adjustments  and  a  “vacation  switch”  that 
completely  shuts  down  the  monitor’s  power  to  help  save 
electricity 

The  1960NXi  also  features  a  250  nits  of  brightness,  a  500- 
to-1  contrast  ratio  and  a  maximum  resolution  of  1,280-by- 
1,024  pixels.  The  monitor  comes  with  DV1-D  and  tradition¬ 
al  15-pin  VGA  connectors,  a  176-degree  viewing  angle,  and 

a  detachable  base  and  arm/wall 
mounting  feature. 

It  also  has  a  “No 
Touch  Auto  Ad¬ 
just”  feature  that 
automatically 
adjusts  the 
monitor’s  set¬ 
tings  for  the 
best  viewing  when 
the  monitor  is 
turned  on. 

Shaw  can  be 
reached  at 
kshaw@nww 
.com. 

Lexmark's  X422  lets 
you  put  a  document 
through  a  scanning 
device,  and  it  is 
transformed  into  a 
Word  or  PDF  file. 


of 


NetworkWorld 

TECHNOLOGY  TOUR  . 

Network 

Management 

The  New  Business  Focus 


NEW  YORK.  NY 


ATLANTA,  CA 


SCHAUMBURG,  IL 


SANTA  CLARA,  CA 


FREE  EVENT  FOR 
QUALIFIED  PROFESSIONALS 


MODERATOR 
Dr.  Jim  Metzler 


Today’s  business  demands  more  of  network  IT  managers:  Maximize  performance  from  current 
applications.  Optimize  usage  of  available  bandwidth.  Increase  quality  of  enterprise  services. 
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►  breakthroughs  in  caching  and 
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and  usage 
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WHO  WILL  BE  THERE? 

►  Dr.  Jim  Metzler,  President,  Ashton 
Metzler  and  Associates 

►  Sandra  Gittlen,  Events  Editor  for 
Network  World 


This  unique  event  brings  together  top  experts  and  key  cross-network  vendors  to  help  you  deliver  the  results 
the  enterprise  expects.  You’ll  gain  access  to  the  best  network  management  practices  of  leading  IT  organizations. 
Get  inside  expertise  from  consultants  like  Jim  Metzler.  See  demos  of  new  solutions  providers.  And  learn  how 
you  can  move  your  enterprise  —  and  yourself  —  ahead  by  successfully  resolving  issues  of  applications  and 
service  level  management.  Attendance  is  free,  but  space  is  limited,  so  register  now! 

Advance  Reservation  by  qualified  professionals  is  Required  for  Complimentary  Attendance 

Register  now  at  www.nwfusion.com/NMW4A3 
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This  event  is  limited  to  Network  and  IT  professionals  involved  in 
the  evaluation,  purchase  and  implementation  of  products  and 
services  for  IT  infrastructure  and  networks.  Network  World 
Events  reserves  the  right  to  determine  total  audience  and  profile 
of  complimentary  attendees.  Paid  registration  is  also  available. 
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To  join  sponsors  of  this  premier  Network  World  Event,  please  contact  Andrea  D' Amato  at  1  -508-490-6520  or  adamato@nww.com  for  free,  no-obligation  information. 
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EDITORIAL 

John  Dix 

Security  device 
guards  inside 
information 

Interest  in  security  has  been  running  high  for  a  few 
years  now,  reinforced  by  the  arrival  of  little  treats  like 
the  Mydoom  worm. 

And  as  you  would  expect,  the  industry  has  reacted  by 
delivering  a  slew  of  products  designed  to  address  specific 
security  needs.This  column  has  spotlighted  many  of  the 
intriguing  new  offerings, everything  from  devices  designed 
to  combat  worms  to  storage  security  appliances  and  boxes 
that  fend  off  reconnaissance  efforts. 

But  most  of  these  and  other  security  tools  are  focused  on 
external  threats,  and  many  sit  at  the  network  perimeter. 
IPLocks,a  privately  funded  company  that  was  founded  in 
January  2002  and  launched  its  first  product  that  June,  says 
the  greatest  threat  comes  from  company  insiders  and  the 
most  vulnerable  target  is  intellectual  property  —  finance 
data,  customer  information,  human  resource  records,  etc. 

—  stored  in  databases. 

To  bolster  that  claim,  IPLocks  —  short  for  Intellectual 
Property  Locks  —  points  to  the  2003  Computer  Security 
Institute/FBI  survey. That  survey  of  251  companies  shows 
that  about  half  of  computer  crime  is  done  by  employees 
and  that  the  most  costly  type  is  theft  of  proprietary  infor¬ 
mation. The  companies  suffered  a  combined  loss  of  $70 
million. 

IPLocks'  answer  is  the  Database  Security  Audit  System 
(DSAS),an  external,  non-intrusive  device  that  can  be  used 
to  assess  and  monitor  —  read  only  —  DB2,  SQL,  Oracle 
and  Sybase  databases.  One  DSAS  can  support  multiple 
data  stores. 

When  it  is  set  up,  DSAS  “looks  for  configuration  issues 
and  concerns,  identifies  potential  problems  so  they  can  be 
fixed,  and  then  establishes  a  baseline  for  continuous  moni¬ 
toring,”  says  Trish  Schaefer  Reilly, senior  marketing  manager 
at  IPLocks.  When  monitoring,  DSAS  is  “looking  for  security 
policy  violations,  malicious  or  suspicious  or  unintentional 
acts,  data  corruption,  and  information  theft,” she  says. 

She  calls  it  a  learn-and-guard  process.lt  might  take  three 
to  four  weeks  for  the  tool  to  learn  corporate  behavior,  and 
policies  can  be  fined-tuned,but  after  that  if  DSAS  sees 
something  change  that  looks  fishy,  it  alerts  designated  per¬ 
sonnel. “You  want  to  know  who  is  viewing  your  data,  who 
is  coming  in,  what  they  are  looking  at,  what  is  going  on,” 
Reilly  says. 

DSAS  consists  of  modules  for  data  inspection,  reporting, 
archiving  and  alerting.The  User  Behavior  Monitor,  for 
example,  detects  anomalous  or  malicious  access  pattern 
usage. 

This  type  of  tool  might  find  a  niche  as  the  world  begins 
to  shift  its  focus  from  perimeter  security  to  application 
layer  security 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


www.nwfusion.com 


opinions 


A  penny  for  your  e-mail 

Regarding  Howard  Anderson’s  column  “The  true 
cost  of  spam”  (www.nwfusion.com,  DocFinder: 
9522),  in  which  he  proposes  that  all  e-mail  carry  a  1 
cent  charge:  At  a  penny  per  e-mail,  spammers  are 
still  going  to  be  sending  thousands  of  e-mails.  After 
all,  it  wouldn’t  be  a  significant  increase  in  their  cost 
of  doing  business  if  they  still  get  a  1%  to  4%  return 
on  the  e-mails  they  send. 

1  prefer  paying  to  not  receive  mail,  rather  than  pay¬ 
ing  to  send.l  use  Mailblocks  spam-free  e-mail  service 
to  protect  all  of  my  e-mail  accounts.  Because  it  isn’t 
a  filtering  serviced  never  fail  to  receive  the  messages 
1  want,  no  matter  how  dumb  the  subject  line  or  con¬ 
tent  of  the  message.  1  never  receive  the  spam  mail  I 
don’t  want. 

On  an  average  day,  Mailblocks  prevents  about  600 
spam  messages  from  reaching  my  five  e-mail 
addresses.  All  the  e-mail  I  do  want  reaches  a  single 
in-box  so  I  can  answer  messages  quickly  It  only 
costs  me  $25  per  year  for  a  premium  account.  For 
average  people,  it  would  only  cost  about  $10  per 
year  —  well  worth  the  cost  for  a  spam-free  mailbox. 
I’m  just  waiting  for  them  to  come  up  with  a  corpo¬ 
rate  solution. 

When  spam  stops  reaching  in-boxes  and  people 
stop  responding  to  it,  spam  will  stop.  Until  then,  I’ll 
pay  to  keep  spam  out,  rather  than  pay  to  send  e-mail. 
After  all,  will  spammers  really  pay  an  e-mail  tax?  I’m 
sure  they  would  find  some  way  around  it. 

Cathy  Kendrick 
Lisle,  Ill. 

Is  Howard  Anderson’s  column  an  early  April  Fool’s 
joke?  Would  he  really  pay  1  cent  per  e-mail,  internal 
and  external?  Why  should  anyone  believe  that 
spammers  would,  and  that  this  would  in  any  way 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


reduce  spam?  If  CAN-SPAM  doesn’t  help,  then  charg¬ 
ing  for  e-mail  won’t,  either. Spammers  will  simply  not 
pay;  who’s  to  make  them?  Who’ll  stop  their  e-mails  if 
they  don’t  pay?  The  cost  in  equipment,  staffing  and 
infrastructure  to  enforce  a  1-cent  per  e-mail  charge 
(particularly  for  internal  mail)  would  be  huge. 

I  find  Anderson’s  claim  that  paying  1  cent  per  inter¬ 
nal  e-mail  would  in  any  way  affect  spammers  ludi¬ 
crous.  Would  charging  for  internal  company  snail- 
mail  have  any  impact  at  all  on  hard-mail  spammers? 
Of  course  not.  Companies  have  internal  mail  deliv¬ 
eries  because  it’s  faster  and  less  expensive  than 
sending  everything  through  the  U.S.mail. 

Hard-mail  spam  has  an  inherent  physical  repro¬ 
duction  and  distribution  cost. E-mail  spam  doesn’t. 
If  I  volunteer  to  pay  for  my  e-mail,  that  doesn’t 
impose  any  cost  on  spammers.  It  still  will  be  free 
for  them. 

Kevin  Grover 
Software  engineer 
JT3 
Las  Vegas 

I  can  see  Howard  Anderson’s  reasoning  and  think 
his  idea  is  good.  I  do  have  a  suggestion  that  might 
make  this  idea  more  acceptable  to  the  public  and, 
in  particular,  corporations.  What  about  taking  the  1 
cent  per  e-mail  and  giving  it  to  the  people  who 
really  pay  the  cost  of  providing  e-mail  service  —  the 
IT  departments  and  ISPs?  Instead  of  some  govern¬ 
ment  agency  getting  the  money  and  doing  who 
knows  what  with  it,  let’s  give  it  to  the  people  who  pro¬ 
vide  the  service.  We  don’t  need  the  government  to 
get  involved  with  this.This  model  would  line  up  with 
how  phone  service  is  provided  and  paid  for,  which 
is  a  model  that  seems  to  have  worked  for  the  last  sev¬ 
eral  decades. 

Phil  Reese 
Director  of  computers 
Northland  Ministries 
Dunbar,  Wis. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  9521 
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DEMO  INSIGHT 

Chris  Shipley 


Demo  2004  reveals  tech  trends 


fter  five  months  and  hundreds  of  inter¬ 
views,  70  companies  have  been  sel¬ 
ected  to  introduce  products  at  Demo 
2004,  to  be  held  Feb.  15-17  in  Scottsdale,  Ariz. 
These  products  run  the  gamut  from  build¬ 
ing-block  technologies  that 
enable  new  computer  de¬ 
signs, to  enterprise  servers  that  ensure  the  security  of 
Web  applications,  to  consumer  electronics  and  ser¬ 
vices  that  fuel  the  digital  lifestyle. 

Of  course.I  can’t  reveal  the  details  of  these  products,  but  1  can  tell  you 
that  they  represent  significant  trends  in  the  technology  markets: 

Managing  enterprise  computing.  Todays  enterprise  buyers  are 
spending  in  order  to  save.  With  as  much  as  80%  of  IT  budgets  spent  on 
system  maintenance,  IT  needs  to  consolidate,  simplify  and  better 
manage  its  infrastructure,  and  in  doing  so  save  IT  resources  for  new 
initiatives.The  coming  year  will  bring  smart  solutions  that  help  IT  staff 
manage  what  they’ve  got,  develop  what  they  need  and  measure  what 
they  deploy 

Protecting  e-mail  integrity.  E-mail  is  both  one  of  the  most  popular 
and  most  vulnerable  enterprise  applications.  Newer  threats,  from 
fraud  to  regulatory  requirements,  can  be  added  to  the  obvious  prob¬ 
lems  of  spam  and  viruses.  Relief  will  come  to  market  in  the  form  of 
applications  that  bring  greater  reliability  and  integrity  to  enterprise 
e-mail  systems. 

Securing  applications  and  data.  For  all  the  attention  paid  to  fire¬ 
walls,  network  security  and  user  authentication, Web  applications  are 


DEMO 2004 


the  single  biggest  point  of  vulnerability  for  many  companies.  New 
products  will  lock  down  Web  applications  to  protect  businesses  and 
their  customers. 

Workgroup  collaboration  goes  au  naturel.  For  all  the  promise  and 
investment,  a  decade  has  gone  by  and  companies  are  still  looking  for 
a  great  collaboration  tool  that  supports  the  way 
people  actually  work  together.  Now  we’re  start¬ 
ing  to  find  some  products  that  make  sense. 
Rather  than  the  rigid  structures  imposed  by 
enterprise  groupware, a  new  breed  of  communications  tools  have  been 
built  on  the  understanding  that  collaboration  is  dynamic, spontaneous 
and  organic.  Better  yet,  these  tools  are  easily  deployed  and  eagerly 
embraced  by  users. 

The  consumer  market  bounces  back.  Over  the  past  few  years,  the 
consumer  market  was  non  grata.  Now  momentum  is  building  in  the 
consumer  market.  Broadband  access,  falling  prices,  simple  yet  pow¬ 
erful  devices,  digital  entertainment  media, Wi-Fi  networks  —  these  are 
the  drivers  of  a  new  digital  lifestyle. And  this  new  digital  lifestyle  is  dri¬ 
ving  the  adoption  of  new  technology  and  demanding  innovation.The 
consumer  will  spur  the  market’s  greatest  innovations  over  the  next 
five  years. 

Products  and  technologies  representing  each  of  these  trends  and 
more  will  debut  at  Demo  2004.  If  you  want  to  see  them  firsthand, you’ll 
find  registration  information  at  www.demo.com/demo. 

Shipley  is  executive  producer  of  the  Demo  Conferences  and  a  vet¬ 
eran  technology  watcher.  She  can  be  reached  at  chris@demo.com. 


The  consumer 
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MOVE  THE  CLOUD 

James  Kobielus 


New  specs  enrich  identity  federation 


i 


n  dynamic  e-business  environments,  com¬ 
panies  want  to  respond  rapidly  and  effec¬ 
tively  to  events  rather  than  be  overtaken  by 
them.  Forward-looking  companies  design 
their  distributed  services  on  event-driven 
principles.  This  strategy  helps  ensure  that 
important  events  —  in  applications,  systems 
and  components  —  are  communicated  in  real  time  to  the  appropriate 
parties.  Event-notification  services  let  applications  specify  the  types  of 
events  they’ll  publish  and  subscribe  to,  the  formats  in  which  notifica¬ 
tions  will  be  transmitted,  and  the  frequency  with  which  they’ll  be  sent. 

Until  recently  the  Web  services  industry  lacked  open  standards  for 
event  notification.  Last  month,  two  industry  groups  released  rival  spec¬ 
ifications  that  address  this  requirement.  One  group  —  BEA  Systems, 
Microsoft  and  Tibco  Software  —  published  a  co-authored  specification 
called  Web  Services  Eventing  (WS-Eventing);  another,  led  by  IBM, 
released  its  Web  Services  Notification  (WS-Notification)  spec. 

One  important  feature  of  WS-Eventing  and  WS-Notification  is  that  they 
do  not  restrict  the  types  or  contents  of  messages  that  might  serve  as 
event  notifications,  nor  do  they  restrict  which  entities  might  publish 
and  subscribe  to  these  messages.This  means  developers  can  begin  to 
implement  a  general-purpose  events  infrastructure  and,  as  Web  ser¬ 
vices  based  on  Simple  Object  Application  Protocol  become  ubiqui¬ 
tous,  make  this  infrastructure  available  to  all  applications  and  services. 

Notifications  of  user-generated  events  should  be  distributed  in  the 
same  general-purpose  infrastructure  that  handles  system-level  notifica¬ 
tions.  Inevitably,  WS-Eventing  and/or  WS-Notification  (or  some  con¬ 
verged  specification  that  supersedes  both)  will  be  implemented  in 
identity  management  systems  to  notify  applications  of  important 
events  concerning  particular  users.  For  example,  an  identity  manage¬ 
ment  environment  might  notify  authorized  applications  that  a  user  has 
connected  to  the  network,  logged  on  to  a  particular  domain,  moved  to 
particular  geographic  coordinates  and  been  granted  particular  roles. 


permissions  and  personalization  settings. 

To  varying  degrees,  the  flow  of  identity  information  is  determined  by 
the  implementation  profiles  of  identity  management  federation  proto¬ 
cols,  such  as  Security  Assertion  Markup  Language  (SAML)  1.1;  Liberty 
Alliance  Identity  Federation  Framework  (1D-FF)  1.2  and  Identity  Web 
Services  Framework  (ID-WSF)  1.0;  and  Web  Services  Federation 
Language  (WS-Federation)  1.0.  Both  Liberty  ID-WSF  1.0  and  WS- 
Federation  1.0  define  complex  infrastructures  for  brokering  requests 
for  identity-related  user  attributes  among  federated  identity  manage¬ 
ment  domains.  However,  both  specs  fall  short  of  defining  publish  and 
subscribe  (pub/sub)  protocols  for  handling  identity  information  inter¬ 
change  across  federated  identity  management  infrastructures. 

That’s  where  WS-Eventing  and/or  WS-Notification  will  prove  indis- 
pensable.They’re  part  of  a  broader  set  of  WS-*  specs  designed  to  build 
on  one  another  within  the  Web  services  framework. This  means  other 
Web  services  needn’t  embed  their  own  special-purpose  eventing  infra¬ 
structures.  Instead,  they  should  have  access  to  a  universal  event  service 
that  implements  one  of  the  two  specs. 

Liberty  should  reference  WS-Eventing  and/or  WS-Notification  in  its 
identity  management  protocols,  and  the  developers  of  WS-Federation 
should  do  likewise  in  future  revisions.  And  as  OASIS’ Security  Services 
Technical  Committee  continues  development  on  SAML  2.0,  it  should 
begin  to  consider  the  need  for  a  general-purpose  event  pub/sub  envi¬ 
ronment  for  federated  identity  management.  However,  the  SAML  2.0 
feature  list  has  more  or  less  been  finalized,  and  event  notification  isn’t 
on  it.  Identity  event  notification  will  become  a  candidate  for  the  even¬ 
tual  SAML  3.0  as  soon  as  the  federated  identity  management  industry 
catches  the  vision  and  begins  to  compose  standards  with  WS-Eventing 
and/or  WS-Notification  in  mind. 

Kobielus  is  a  senior  analyst  with  Burton  Group,  an  IT  advisory  service 
that  provides  in-depth  technology  analysis  for  network  planners.  He  can 
be  reached  at  (703)  924-6224  orjkobielus@burtongroup.com. 


WS-Eventing  and 
WS-Notification 
are  part  of  a 
broader  set 
of  WS-*specs 
designed  to  build 
on  one  another 
within  the  Web 
services  frame¬ 
work. 


Savvy  companies  are  mixing  and 
matching  onshore  IT  staffers  with  off¬ 
shore  developers  to  save  money,  speed 
up  projects  and  keep  customers  happy. 


BY  ELLIOT  KASS 

HBft  NHSHEI 


At  Nielsen  Media  Research,  the  TV  and  radio  audience 
easurement  company,  offshore  outsourcing  plays  a  part 
a  nearly  e|/ery  link  of  the  product  chain.  But  it’s  not  the 
?wl|ole  chain. 


“We  choose  to 
outsource  a  lot  of 
different  things,  but  we  manage  these  pro¬ 
jects  as  if  there’s  a  single  staff  made  up  of 
three  groups  —  an  offshore  team,  an 
onshore  team  and  a  core  group  that 
remains  internal  to  the  company?’  says 
Nielsen  CIO  Kim  Ross.  In  so  doing,  Nielsen 
is  pioneering  a  new  and  more  selective 
approach  to  outsourcing  that  relies  less  on 
transferring  IT  jobs  abroad  and  more  on 
using  overseas  talent  in  tandem  with  IT  per¬ 
sonnel  stationed  closer  to  home. 

Offshoring  is  growing 

By  all  accounts,  more  companies  are 
shifting  IT  functions  overseas.  AMR  Re¬ 
search  reports  that  20%  of  U.S.  IT  organiza¬ 
tions  already  have  moved  portions  of  their 
technology  services  offshore.  Gartner  says 
the  real  percentage  is  twice  that  and  will 
jump  to  80%  of  large  corporate  IT  depart¬ 
ments  tfiis  year. 

“The  reason  for  this  growth  is  really  quite 
simple,”  says  AMR  researcher  Lance  Travis. 
‘Cost  savings  from  offshore  outsourcing  are 
too  compelling  to  ignore.” 

The  savings  come  from  farming  out  work 
places  such  as  India,  China  and  the 
1 1  ;i  opines,  where  programmers  are  paid 
as  $10  per  hour. The  salary  differen- 
■en  developers  in  the  U.S.  and  sim- 
led  professionals  in  countries 
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where  wages  are  significantly  lower  can 
mean  annual  savings  as  high  as  50%, 
according  to  James  Brewer,  vice  president 
of  global  services  delivery  at  Keane,  a 
provider  of  application  outsourcing  ser¬ 
vices  in  Boston. 

Michael  Doane,an  analyst  at  Meta  Group, 
says  the  savings  is  closer  to  15%  to  20%.“The 
biggest  mistake  companies  make  is  to 
assume  that  their  savings  will  match  the 
salary  differential,”  he  says.“There  are  other 
expenses  that  need  to  be  taken  into 
account, such  as  the  cost  of  additional  pro¬ 
ject  oversight,  communications  and  travel.” 

But  the  advantages  of  offshore  develop¬ 
ment  go  beyond  simple  cost  reduction. 
“For  new  development  projects,”  Doane 
says,  “taking  a  follow-the-sun  approach 
allows  the  work  to  proceed  24-7. 
Completed  work  can  be  reviewed  and 
next  steps  planned  during  the  onshore 
cycle,  and  then  coding  can  move  forward 
during  the  offshore  cycle.” 

Known  as  global  sourcing,  globalization 
or  the  global  virtual  resource,  this  develop¬ 
ment  model  generally  involves  three 
groups  of  IT  professionals  working  closely 
together:  company  employees  who  can 
work  face-to-face  with  users  and  translate 
business  requirements  into  technical  spec¬ 
ifications;  third-party  developers  who  work 
in  the  U.S.  or  in  Canada  (where  wages  are 
lower  than  in  the  U.S.,  but  not  nearly  as  low 


as  in  a  country  such  as  India)  and  share 
the  same  time  zone  with  the  internal  team; 
and  offshore  personnel  who  perform  a 
variety  of  functions  at  a  fraction  of  what  it 
would  cost  in  the  U.S. 

Nielsen  learns 

Nielsen  discovered  early  on  that  offshore 
development  work  was  about  more  than 
replacing  well-paid  U.S.  programmers  with 
less-expensive  foreign  engineers.The  media 
research  firm  began  experimenting  with 
offshoring  in  1995  and  now  does  25%  of  its 
development  work  offshore  through  Cog¬ 
nizant  Technology  Solutions.  Nielsen  has 
had  success  with  three  types  of  offshore 
projects:  ongoing  software  maintenance, 
software  conversion  projects  (such  asY2K) 
and  original  application  development. 

“Most  of  our  IT  work  has  to  do  with  pro¬ 
ducing  our  product  —  collecting  data  from 
30,000  homes  on  a  daily  basis,  analyzing 
that  data  and  packaging  it  in  a  proprietary 
database  built  by  Nielsen,”  Ross  says.  “We 
use  Cognizant  in  every  link  of  this  chain  ex¬ 
cept  data  collection.” 

Nielsen  learned  by  experience  to  deter¬ 


mine 
which 
types  of  pro¬ 
jects  were  most  cost 
effective  to  move  offshore.“We 
see  little  value  in  offshoring  legacy  work,” 
Ross  says.  “Next-generation  applications  is 
where  the  payoff’s  the  greatest.” 

His  reasoning  is  that  Nielsen’s  internal  IT 
staff  already  understands  the  legacy  ap¬ 
plications  and  that  the  time  spent  transfer¬ 
ring  that  knowledge  to  offshore  personnel 
would  eat  any  potential  savings.  On  the 
other  hand,  new  applications  are  driven  by 
new  business  opportunities  that  require  a 
rapid  response,  which  the  internal  staff  is 
usually  too  busy  to  provide.  For  instance, 
when  advertisers  wanted  better  informa¬ 
tion  on  Internet  usage,  Nielsen  quickly 
launched  a  new  Internet  usage  measure¬ 
ment  business  by  using  Cognizant  pro¬ 
grammers  in  India. 

Although  he  says  the  time  saved  on  pro¬ 
ject  development  is  difficult  to  quantify, 


“We’ve  strategically  placed 
IT  staff  in  various  time 
zones  to  ensure  the 
company  is  always  open 
for  business.” 
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initial  design  phase  to  the  offshore  devel¬ 
opment  team  and  to  use  Nielsens  internal 
staff  of  500  developers  to  manage  the  pro¬ 
ject.  Cognizant’s  programmers  in  the  U.S.or 
Canada, who  operate  in  the  same  time 
zone  as  the  internal  team,  frequently  carry 
out  revisions  and  enhancements.  This 
allows  for  faster  turnaround  and  closer  col¬ 
laboration  with  the  internal  staff.  Typically 
30%  of  a  project  team  will  operate  onshore, 
and  the  remaining  70%  work  abroad. This 
strategy  resulted  in  a  25%  to  30%  savings 
compared  to  staffing  a  project  entirely  with 
internal  employees,  Ross  says. 

State  Street,  a  financial  services  company 
with  offices  in  23  markets  around  the 
world,  considers  offshore  outsourcing  “a 
natural  and  necessary  ingredient  in  State 
Streets  growth  as  a  global  company’  says 
CIO  Joseph  Antonellis.  “Since  our  clients 
expect  us  to  provide  constant,  high-quality 
service  24  hours  a  day  worldwide,  we’ve 
strategically  placed  IT  staff  in  various  time 
zones  to  ensure  that  the  company  is  always 
‘open’  for  business.” 

Antonellis  says  cost  savings  are  impor¬ 
tant,  but  of  greater  concern  is  the  effect  that 
moving  an  IT  function  or  operations  center 
will  have  on  clients. 

Development  projects  are  often  undertak¬ 
en  using  the  onshore-offshore  model.  For 
instance,  portions  of  State  Street’s  financial 
Insightapplications  and  proprietary  invest¬ 
ment  tools  such  as  Lattice,  Price  Alert  and 
Mystatestreet.com  were  developed  over- 
seas.“The  basis  for  deciding  which  piece  of 
a  project  stays  in-house,  vs.  which  piece  is 
taken  offshore,  is  whether  or  not  it  will  ere 
ate  greater  efficiencies  in  our  processes. 


Ross 
says  new 
projects  can 
be  started  more 
quickly  because  Nielsen 
doesn’t  have  to  recruit  new  people.This  lets 
the  company  respond  swiftly  to  unexpect¬ 
ed  developments  with  minimal  risk.  If  a 
new  application  fails  to  pan  out,  then  the 
cost  of  the  initial  design  work  will  have 
been  significantly  less  than  if  it  had  been 
pursued  at  home.  But  if  the  application 
bears  fruit,  then  the  offshore  developer 
will  be  in  an  ideal  position  to  support  it, 
significantly  reducing  the  cost  of  ongoing 
maintenance. 

But  Ross  adds  that  only  stable,  well-articu¬ 
lated  projects  should  be  moved  offshore. 
“That’s  the  first  acid  test,”  he  says.  “If  the 
requirements  need  continuous  end-user 
feedback  and  will  be  defined  as  you  go, 
then  you’re  better  off  keeping  that  project 
in-house.” 

Ross  also  learned  that  splitting  one  devel¬ 
opment  project  between  two  teams  of  pro¬ 
grammers  —  one  offshore,  the  other  on¬ 
shore  —  does  not  work  well. When  Nielsen 
attempted  this,  the  additional  development 
cycles  and  overhead  required  to  coordi¬ 
nate  the  two  teams  offset  any  economic 
advantage. There  were  also  timeline  issues. 
“We  found  we  couldn’t  manage  the  critical 
path  quite  so  well,”  he  says. 


A  better  model 

Ross  says  a  better  model  is  to  assign  the 
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Meta  Group  analyst  Mic¬ 
hael  Doane  sees  far  reach¬ 
ing  implications  for  the  glo¬ 
bal  sourcing  approach.  He 
says  implementing  large- 
scale  enterprise  applica¬ 
tions,  such  as  ERP  and  CRM, 
can  be  done  to  great  advantage  using  a  combination  of  onshore  and  offshore 
resources.  As  an  example,  he  says  the  global  energy  company  BP  reduced  the 
cost  of  a  corporate-wide  SAP  implementation  by  30%  using  this  strategy. 

Software  implementations  such  as  ERP  are  carried  out  in  five  phases,  Doane 
says.  The  first  phase,  strategy  and  planning,  and  the  second  phase,  blue  printing 
and  design,  require  lots  of  revisions  and  require  a  lot  of  interaction  with  end 
users.  This  means  they  are  best  carried  out  by  an  internal  team  or  consultants 
working  locally.  During  the  third  phase,  software  configuration,  significant  sav¬ 
ings  can  be  achieved  by  sending  most  of  the  work  offshore,  although  any 
redesign  work  would  continue  to  be  performed  onshore  as  the  configuration 
work  progresses. 

The  fourth  phase  is  data 
migration,  which  involves 
populating  the  new  ERP 
master  file  with  data  from 
legacy  systems.  Doane  de¬ 
scribes  this  as  “real  drudge 
work  that's  well  suited  to 
less-expensive  offshore 
labor."  Likewise  system  test¬ 
ing,  the  fifth  and  final  phase, 
and  any  application  cus¬ 
tomization,  also  can  be  done 
just  as  effectively  and  far 
more  economically  offshore. 

"This  model  will  catch  on 
over  the  next  12  to  18 
months,  and  will  make 
enterprise  applications  like 
ERP  much  more  affordable 
for  the  mid-market,  which 
has  always  resisted  them" 
because  of  the  high  costs 
of  implementation,  Doane 
says.  Selectively  using  off¬ 
shore  resources  to  reduce 
those  costs  “will  open  up 
a  huge  new  market  and 
create  opportunities  for 
much  greater  business 
efficiencies.” 

—  Elliot  Kass 
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A  project  is  well-suited  for 
offshore  outsourcing  if  it: 

•  Has  little  immediate  effect  on  business 
strategy  or  revenue. 

•  Has  clearly  defined  requirements.  Is  a  sig¬ 
nificant  drain  on  resources,  preventing  other, 
more  important  work  from  being  carried  out. 

•  Involves  low  operational  complexity. 

•  Is  well-documented  and  readily  lends  itself 
to  knowledge  transfer. 

A  project  is  poorly  suited  for 
offshore  outsourcing  if  it: 

•  Involves  high  risk,  such  as  potential  loss  of 
control  of  proprietary  business  processes  or 
sensitive  data. ' 

•  Is  highly  iterative  or  in  flux. 

•  Requires  on-going  feedback  from  end  users. 

•  Would  violate  regulatory  requirements  or 
customer  privacy. 

•  Would  entail  extensive  employee  backlash. 
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Network  advances 
help  companies 


Recent  advances  in  network 
technology  are  helping  to 
change  the  dynamics  of  off¬ 
shore  outsourcing. 


"The  offshore  provider’s  net¬ 
working  facilities  are  a  real 
important  consideration  — 
especially  in  the  start-up 
phase"  of  an  outsourcing  rela¬ 
tionship,  says  Nielsen  Media 
Research  CIO  Kim  Ross. 
"Credible  offshore  development 
companies  have  their  own  dedi¬ 
cated  network  facilities  in  the 
US.,”  although,  he  adds,  a  VPN 
is  a  viable  alternative. 

"Communication  costs  are  an  important  factor,"  agrees  AMR  Research's 
LanceTravis.  "It  used  to  be  that  only  the  largest  multi-national  companies  could 
afford  to  get  started  with  offshore  outsourcing.  Today,  cheaper,  more  reliable 
technology  has  put  it  within  reach  of  just  about  every  IT  organization.  They  can’t 
afford  not  to  go  offshore." 

For  application  development  projects,  Travis  says,  the  overseas  developer  typ¬ 
ically  receives  a  copy  of  the  source  code  and  then  sends  batch  updates  via  the 
network  to  the  U.S.  For  ongoing  applications  support,  the  servers  are  located 
close  to  where  the  users  are  and  the  overseas  administrators  logon  remotely. 
“It's  a  lot  more  cost-effective  for  10  admins  to  log  in  than  a  thousand  order-entry 
clerks,"  he  says. 

Voice  applications  are  also  benefiting.  "Voice  compression  has  come  a  long 
way  and  this  helps  facilitate  call  transfers  and  to  lower  costs,"  says  Sony 
Electronics'  Maureen  Read,  vice  president  and  general  managers  of  Customer 
Information  Services  Center,  who  runs  a  call  center  in  India.  "We  also  use  voice 
over  IP  to  do  the  same  thing  and  for  the  same  reasons." 


free  up  time  for  our  IT  staff  to  concentrate 
on  more  important  projects  and  allow  us  to 
better  manage  our  costs,”  Antonellis  says. 
State  Street  developers  whose  jobs  move 
overseas  are  shifted  to  project  management 
tasks  that  require  in-depth  knowledge  of 
State  Streets  business  operations  and  direct 
interaction  with  clients  and  end  users. 

One  example  of  this  approach  is  State 
Street’s  research  and  development  partner¬ 
ship  with  China’s  Zheijang  University 
Technology  Center.  The  university  works 
with  the  company  to  develop  software  for 
Chinas  financial  services  industry 

“We  commissioned  Ph.D.  technicians 
from  Zheijang  for  the  R&D,  but  did  not  out¬ 
source  the  data  center  and  IT  infrastructure 
that  will  support  the  applications,”  which 
State  Street  will  deploy  and  operate, 
Antonellis  says. 

Support  from  Sony 

In  contrast  to  State  Street  and  Nielsen, 
Sony  Electronics  avoids  sending  new 
development  work  offshore. 

“The  functions  we  outsource  are  all  repet¬ 
itive,  standardized  processes,  where  the 
knowledge  and  training  are  fully  devel¬ 
oped,”  says  Maureen  Read,  vice  president 
and  general  manager  of  Sony  Electronics’ 
Customer  Information  Services  Center, 
which  farms  out  several  support  functions 
to  India  and  the  Philippines. 

An  example  is  product  support.  When 


Sony  releases  a  new  product,  it’s  supported 
in-house,  Read  says.  Only  after  the  process 
is  well-established  and  Sony  is  confident 
that  customer  expectations  are  being  met, 
would  it  consider  outsourcing  the  process. 

“We  don’t  outsource  unique  processes  or 
products  where  the  infrastructure  has  too 
many  variables  to  be  in  control  or  where 
the  knowledge  is  proprietary  in  nature,”  she 
says. 

But  Sony  still  uses  the  onshore-offshore 
model  to  its  benefit.  Last  year,  the  company 
installed  a  new  knowledge  base  to  support 
its  internal  help  desk  and  external  cus¬ 
tomers  via  the  Web  and  e-mail. “This  was  a 
large  undertaking,”  Read  says,  and  initially 
“all  of  our  knowledge  developers  were 
totally  consumed  with  migrating  data  and 
handling  inputs  to  the  database.That  left  no 
time  to  do  the  futuristic  things  that  we  had 
planned  or  to  implement  ideas  that  we 
came  up  with  during  the  integration 
process.” 

Sony  responded  by  sending  some  of  the 
routine, standardized  tasks  offshore,  freeing 
the  in-house  team  to  work  on  expanding 
the  systems  capabilities.  “While  sending  a 
portion  of  the  work  overseas  didn’t  lower 
the  cost  of  the  original  project,”  it  enabled 
us  to  expand  our  results  and  still  come  in 
on  budget,”  Read  says, 

Read  cautions  that  anyone  sending  IT 
work  abroad  should  expect  the  unexpect¬ 
ed.  Recalling  her  first  visit  to  Sony’s  overseas 


service  center,  she  says,  “Nobody  can  pre¬ 
pare  you,  as  an  individual,  for  doing  busi¬ 
ness  in  India.  As  the  car  I  was  in  became 
stuck  in  traffic,  I  turned  to  see  an  elephant 
passing  us  by  I  realized  then  that  nothing 


was  going  to  be  quite  as  we  expected.” 

Kass  is  a  business  and  technology  writer 
in  Ridgefield,  Conn.  He  can  be  reached  at 
ellkass@comcast.  net. 


Career  IT  pros  should 
view  offshoring  as  an  opportunity 
to  shift  gears,  rather  than  a  threat 


The  most  vociferous  objections  to  offshore  out¬ 
sourcing  come  from  developers  and  other  IT  profes¬ 
sionals  who  feel  that  their  jobs  are  threatened.  What 
they  might  not  realize  is  the  extent  to  which  they  can 
mitigate  the  effect  by  taking  advantage  of  the  new 
career  paths  that  globalization  is  creating. 

“What  U.S.  industry  needs  more  than  programmers 
are  IT  people  that  understand  business  processes  and 
can  translate  these  processes  into  technical  require¬ 
ments,"  says  Michael  Doane,  an  analyst  with  Meta 
Group.  IT  professionals  based  in  the  U.S.  can  play  the 
decisive  role  in  any  offshore  development  project,  he 
says,  "by  positioning  themselves  as  the  intermediary 
between  the  client,  the  onshore  and  the  offshore 
resource." 

Global  outsourcing  "is  a  great  opportunity  for  people 
in  project-management  roles,"  says  Keane  consultant 
James  Brewer.  "They  are  in  the  driver's  seat." 


“We  see  little 
value  in  offshoring 
legacy  work.” 


With  an  offshore  development  project,  Brewer  says, 
the  project  manager  controls  the  communications  and 
the  exchange  of  software.  “This  puts  them  in  a  great 
position  to  add  value  to  their  companies  and  their 
careers,”  he  says. 

But  to  remain  competitive,  IT  pros  can't  rely  on  tech¬ 
nical  expertise  alone.  "They  must  be  expert  in  the  busi¬ 
ness  practices  of  a  particular  industry  in  order  to  help 
their  clients  get  the  most  out  of  their  business  process¬ 
es,”  Doane  says. 

Such  sentiments  echo  the  way  Kim  Ross,  CIO  of 
Nielsen  Media  Research,  organizes  his  project  devel¬ 
opment  work  teams,  Typically,  there  are  three  compo¬ 
nents  to  the  team’s  structure:  onshore  and  offshore 
developers,  who  work  for  third  parties,  and  a  Nielsen 
anchor  team  that  oversees  the  project  and  ensures 
quality  control,  Ross  says. 

Members  of  the  anchor  team  "must  be  able  to  trans¬ 
late  business  needs  into  IT  requirements,"  he  says. 
“They  are  responsible  for  ensuring  that  the  specifica¬ 
tions  are  correct  and  reflect  the  business  objectives, 
and  for  maintaining  accountability  and  confirming  that 
the  end  product  is  of  suitable  quality.” 

Offshore  outsourcing  "represents  a  new  career 
path,  but  also  a  challenge  for  IT  professionals  to  keep 
their  skills  current,"  says  Thomas  Kochan,  a  manage¬ 
ment  professor  at  Massachusetts  Institute  of 
Technology.  “In  this  new  phase  of  the  profession,  those 
involved  in  IT  will  need  project  leader  and  quasi-man¬ 
agement  skills  in  addition  to  deep  technical  skills  and 
will  be  under  pressure  to  move  into  these  new  roles 
quickly." 

But  Kochan  also  warns  that  the  responsibility  for 
making  this  transition  cannot  be  foisted  solely  onto 


individual  professionals.  If  it  is,  the  U.S.  could  face  a 
serious  skill  drain  over  the  next  five  to  10  years.  For  the 
U.S.  to  maintain  its  skill  base,  “industry  leaders  and 
professionals,  professional  associations  and  academ¬ 
ic  centers  must  all  work  together,”  he  says,  to  devise 
ways  of  nurturing  the  profession. 

—  Elliot  Kass 


Are  Global  sourcing 

creates  a  need  for  new  skill  sets.  Here's 
what  this  new  role  will  require  of  you: 


INDUSTRY  EXPERTISE  Generic  knowledge  is  out. 
You’ll  need  to  be  expert  in  the  business  practices  of  a 
particular  industry 


PROJECT  MANAGEMENT  KNOW-HOW  With  IT 

resources  scattered  near  and  far,  this  will  be  the  glue 
that  holds  it  all  together. 


BUSINESS  PROCESS  KNOWLEDGE  U.S.  industry 
needs  people  that  can  translate  these  processes  into 
technical  requirements. 


COMMUNICATIONS  SAVVY  You’ll  need  to  keep 
everyone  on  the  same  page.  But  remember:  Not  every¬ 
one  will  be  speaking  the  same  language 

PEOPLE  SKILLS  The  byword  here  is  flexibilityYou’ll 
need  to  coordinate  the  work  of  people  with  assorted 
skill  sets  from  diverse  cultural  backgrounds. 


TECHNICAL  MASTERY  Don’t  forget  about  your 
technical  proficiency  It’s  the  foundation  for  everything 
else  that  you  do. 


Reading  someone  else’s  copy  of 
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LIVE  COMMUNICA¬ 
TIONS  SERVER  2003 


Microsoft  improves  instant  messaging, 
but  only  for  internal  clients 


■  BY  TRAVIS  BERKLEY,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


As  instant  messaging  and  presence  products  have  become  prevalent  in  cor¬ 
porations,  Microsoft  has  taken  the  instant  messaging  engine  out  of 
Exchange  2000  and  turned  it  into  a  stand-alone  product,  Live 
Communications  Server  2003. 


All  IM  functionality  was  removed  from 
Exchange,  so  if  you’re  looking  to  upgrade 
to  Exchange  2003  and  want  to  keep  the 
IM, you’ll  also  need  to  buy  LCS.  (However, 
Exchange  2000  licenses  covered  by 
Microsoft’s  Software  Assurance  program 
allow  you  to  receive  LCS  licenses  when 
you  upgrade.)  We  recently  tested  LCS 
and  found  it  to  be  much  better  than  the 
IM  in  Exchange  2000,  but  perhaps  too 
limited  for  those  looking  to  purchase  an 
IM  package  as  a  separate  system. 

Putting  it  together 

LCS  must  be  installed  on  a  Windows 
2003  Server  or  Advanced  Server  that  is  a 
member  server  of  your  Active  Directory 
Microsoft  highly  recommends  that  LCS 
be  on  a  server  other  than  a  domain  con¬ 
troller.  The  installation  does  an  Active 
Directory  schema  extension  to  handle 
the  new  data  types.  Besides  the  problems 
we  had  installing  a  Service  Pack  for 
Windows  Server,  the  LCS  installation  was 
straightforward. 

The  administration  tool  to  manage  the 
LCS  is  simply  a  snap-in  to  the  standard 
Microsoft  Management  Console,  and  will 
launch  as  a  stand-alone  application. 
Although  the  snap-ins  originally  are 
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Live  Communications 
Server  2003 


OVERALL  RATING 

4/13 


Company:  Microsoft,  www.microsoft. 
com  Cost:  Volume  licensing  starts  at 
$733  per  server  and  $25  per  Client  Access 
License.  Pros:  Easy  to  install  and  manage; 
message  encryption  and  archiving 
available.  Con:  Windows  Messenger  PCs 
must  be  a  member  of  domain. 


Features  40% 

4.5 

Management  30% 

4 

Installation  15% 

4 

Documentation  15% 

3.5 

TOTAL  SCORE 

4.13 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good; 
3:  Average;  2:  Below  average;  1:  Consistently 
subpar 


How  we  did  it 


Vflf  e  installed  Windows  2003  Server  on  two  HP  ProLiant  360  G3  servers, 
■Mb  each  with  a  2.4-GHz  Intel  Xeon  processor,  1G  byte  of  RAM  and  72G 
■  W  bytes  of  mirrored  disk  on  a  SmartArray  controller.  A  primary  domain 
controller  and  Exchange  2003  were  installed  on  our  first  server,  and  Live 
Communications  Server  was  installed  on  the  second  server. 

Our  clients  were  various  PCs  running  Windows  XP  Professional,  Windows 
Messenger  5,0  and  Microsoft  Office  Professional  2003,  We  initiated  numerous 
chat  sessions,  voice  and  video  sessions,  as  well  as  file  transfers  between  the 
Windows  Messenger  clients.  Using  Outlook,  we  initiated  chat  sessions  directly 
from  e-mail  and  the  like, 


placed  on  the  Windows  server,  you  can 
install  the  snap-ins  at  additional  worksta¬ 
tions  where  Active  Directory  administra¬ 
tion  is  performed. 

The  installation  CD  has  plenty  of  docu¬ 
mentation  that  can  help  you  plan  your 
installation,  migration  or  a  test  deploy¬ 
ment.  A  deployment  guide  can  help  you 
size  your  hardware,  set  usage  policies 
and  give  ideas  of  a  typical  installation. 

Because  LCS  relies  on  Active  Directory 
to  hold  its  objects,  it  scales  just  as  Active 
Directory  does.  As  your  LCS  user  base 
grows,  you  can  install  LCS  services  on 
multiple  servers  that  all  share  the  same 
user  information. 

Microsoft  abandoned  the  Rendezvous 
protocol  used  in  its  previous  IM  engine. 
LCS  now  uses  existing  Internet  standards, 
including  Session  Initiation  Protocol,  SIP 
for  Instant  Messaging  and  Presence 
Leveraging  Extensions  (SIMPLE)  and 
Simple  Object  Access  Protocol.  These 
protocols  were  added  to  Windows 
Messenger  5.0  to  let  it  communicate  with 
other  messaging  services.  Because  Win¬ 
dows  Messenger  is  the  supported  client 
for  LCS,  these  protocols  were  used. 

We  were  disappointed  our  Windows 
Messenger  clients  had  to  be  a  member  of 
the  domain  in  which  LCS  is  running.  We 
tried  but  could  not  get  Windows  Mes¬ 
senger  to  authenticate  to  LCS  unless  the 
client  was  a  domain  member  and  not 
simply  authenticated  to  the  domain. This 
information  was  lacking  from  all  the 
documentation. 

Another  drawback  is  that  you  cannot 
give  an  LCS  account  to  someone  who 
cannot  authenticate  to  your  Active  Di¬ 
rectory  forest.  It  is  possible  to  have  a 
“multi-forest”  implementation  as  long  as 
there  are  ample  two-way  trusts  among  the 
forests.  Microsoft  has  a  separate  product, 
MSN  Messenger  Connect  for  Enterprises, 
if  you  wish  to  connect  to  outside  con¬ 
tacts.  However,  this  product  simply  con¬ 
nects  your  LCS  network  to  the  MSN  net¬ 
work.  Without  it,  the  scope  of  your  IM 
community  is  limited  to  your  company 

Once  authenticated,  Windows  Mes¬ 
senger  can  perform  all  its  usual  func¬ 
tions,  including  showing  a  user’s  pres¬ 
ence;  initiating  chat  sessions  with  others 
in  a  contacts  list;  whiteboarding;  and 


application  sharing.  LCS  also  will  support 
the  peer-to-peer  audio  and  videoconfer¬ 
encing  that  is  built  into  Windows 
Messenger  5.0. 

Secret  messages 

An  improvement  to  LCS  is  the  ability  to 
encrypt  all  traffic.  Server-to-server  traffic 
and  client-to-server  traffic  can  be  en¬ 
crypted  using  Transport  Layer  Security 
Windows  Messenger  can  be  set  to  en¬ 
crypt  the  audio-video  datastreams  using 
Data  Encryption  Standards  algorithms. 
The  Real-Time  Transport  Protocol  also  is 
supported,  but  we  did  not  test  this  fea¬ 
ture.  For  companies  concerned  with 
securing  instant  messages,  this  is  a  good 
way  to  do  it. 

With  LCS  installed, Windows  Messenger 
then  can  lend  some  functionality  to  Out¬ 
look  2003  clients.  For  example,  when  a 
user  receives  an  e-mail,  he  can  add  the 
sender's  name  to  the  Windows  Mes¬ 
senger  contacts. 

If  the  name  is  already  in  the  list,  a  user 
can  check  the  presence  of  or  begin  a 
chat  session  with  that  person.  Without 
LCS  (or  another  service,  such  as  MSN) 
you  only  can  reply  to  the  sender’s  name 
or  look  up  their  Outlook  account  prop¬ 
erties.  Windows  Messenger  doesn’t 
extend  into  other  applications  in  the 
Office  2003  suite  without  the  assistance 
of  other  products,  such  as  Microsoft’s 
SharePoint  Services. 

We  also  like  the  new  archiving  features. 
By  installing  Microsoft’s  SQLServer  2000 
and  the  Windows  Message  Queuing  ser¬ 


vice  (it  holds  the  messages  until  they  can 
be  put  into  the  database), you  can  install 
the  IM  Archiving  Agent  and  IM  Archiving 
Service  to  capture  all  IM  traffic  and 
archive  it.Then  you  can  create  queries  to 
look  for  specific  content  by  date,  sender, 
or  other  content.  Several  documents  are 
available  on  the  installation  CD  to  help 
you  get  this  up  and  running. 

LCS  stores  all  contact  information  and 
user  settings  in  a  centralized  database 
within  Active  Directory,  which  lets  users 
roam  between  clients  and  devices,  and 
have  their  settings  follow  them.  LCS  also 
supports  multiple  points  of  presence, 
which  lets  users  connect  from  up  to  32 
simultaneous  places.  This  lets  users  log 
on  from  multiple  locations  (such  as  a  lap¬ 
top  in  a  conference  room  while  the  desk¬ 
top  remains  on),  but  the  presence  can 
follow  where  the  person  actually  is. 

Because  of  the  new  encryption  and 
archiving  enhancements,  you  will  want 
to  include  LCS  into  your  plans  if  you 
are  thinking  about  upgrading  to  Ex¬ 
change  2003.  If  you’re  not  a  Windows 
shop,  then  LCS  probably  isn’t  for  you.  Its 
integration  with  Exchange  and  other 
Office  products  is  a  plus,  but  it  also 
relies  on  them.  Without  an  Active  Di¬ 
rectory  infrastructure,  you  won’t  be 
able  to  deploy  LCS. 

Berkley  is  the  manager  for  LAN  Support 
Services  at  the  University  of  Kansas.  He 
can  be  reached  at  berkley@ku.edu.  Berk- 
ley  is  also  a  member  of  the  Network  'Maid 
Global  Test  Alliance. 
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Today's  leading  enterprise  decision-makers  focus  on  one  event. 


Organizations  with  the  most  advanced  enterprise  networks  get  the 
information  they  need  at  SUPERCOMM.  Specifically,  more  than  400  of  the 
world's  largest  corporations,  federal  agencies,  state  and  local  governments, 
and  educational  institutions  send  enterprise  managers  to  SUPERCOMM. 
Representatives  from  these  companies  join 
thousands  of  senior  IT  executives  responsible  for 
major  corporate  and  government  networks. 

These  leaders  depend  on  SUPERCOMM  to  keep 
their  networks  up  to  date.  At  SUPERCOMM,  they 
can  examine  all  relevant  enterprise  technologies 


at  one  time  and  place.  In  addition,  Enterprise@SUPERCOMM  features  a 
FREE  educational  curriculum  with  expertise  gathered  from  around  the 
world.  Equally  important,  unlike  more  narrowly  defined  events,  SUPERCOMM 
also  offers  a  window  into  all  key  communication  technologies:  Broadband, 

Converged  Wireless  and  the  entire  Global 
Infrastructure.  Join  your  colleagues  who  are 
making  the  wise  choice  to  advance  their 
networks  while  economizing  on  resources. 
Take  advantage  of  FREE  registration  and 
surround  yourself  with  solutions. 


SUPERCOMM 


Explore  the  Whole  World  of  Communications 


June  20  -  24  2004  Exhibits  June  22  -  24  McCormick  Place  Chicago  IL  supercomm2004.com 


SUPERCOMM  rs  a  registered  trademark  of  the  Telecommunications  Industry  Association  (TIA)  and  the  United  States  Telecom  Association  (USTA).  All  other  registered  trademarks  and  trademarks  are  property  of  their  respective  owners.  Company  names  appeared  in  the  attendee  data  from 
the  SUPERCOMM  2003  event  Use  of  company  names  in  this  advertisement  is  not  intended  to  convey  endorsement  of  the  company,  or  its  products  or  services.  Companies  listed  in  this  advertisement  may  not  have  endorsed  SUPERCOMM. 
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SECURITY  AUDITING 
TOOLS 


Preventsys  tracks  network  compliance 


■  BY  MANDY  ANDRESS,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


The  growing  number  of  security  policies  and  regulations  companies  are 
required  to  follow  —  the  Health  Insurance  Portability  and  Accountability 
Act  and  the  Sarbanes-Oxley  Act,  for  example  —  creates  high  demand  for 
policy-compliance  products.  But  how  can  you  confirm  your  systems  are 
configured  appropriately  and  maintain  that  configuration  over  time?  In  our  tests, 
Preventsys  Network  Audit  and  Policy  Assurance  1.5  proved  to  be  a  flexible,  easy-to- 
use  product  that  earned  accolades  as  a  World  Class  Award  designee. 


Preventsys  takes  the  results  of  vulnera¬ 
bility  assessment  scans  and  compares 
them  with  defined  policies,  looking  for 
systems  that  are  out  of  compliance.  By 
default,  open  source  tools  Nessus  and 
Nmap  are  used  for  scanning,  but  many 
third-party  products,  including  Internet 
Security  Systems’  Internet  Scanner  and 
eEye  Digital  Security’s  Retina,  also  are 
supported.  Preventsys  uses  XML  at  its 
core,  so  you  are  only  limited  by  your  abil¬ 
ity  to  get  your  audit  results  in  an  XML  for¬ 
mat  that  the  Preventsys  product  can  then 
analyze. 

The  system  comprises  three  main 
servers:  the  audit,  compliance  and  data¬ 
base  servers.The  audit  server  runs  scans. 
The  compliance  server  performs  all  the 
analysis  and  processing  of  the  scan 
results.  Users  tap  into  the  whole  system 
via  a  Web-based  console  that’s  communi¬ 
cating  with  the  compliance  server.  The 
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Preventsys  Network 
Audit  and  Policy 
Assurance  System  1.5 


Company:  Preventsys,  www.preventsys. 
com,  (760)  268-7800  Cost:  Ranges  from 
$65,000  for  1,000  nodes  to  $375,000  for 
20,000  nodes.  Pros:  Highly  customizable 
with  XML  infrastructure;  excellent  user 
interface;  ability  to  analyze 
multiple  policies  with  one  set  u/f|| 
of  scan  results.  Cons:  Pricey.  ”111 


cl(tr///er 

The  breakdown 

Ease  of  use/flexibility  25% 

5.0 

Reports  25% 

4.8 

Policy  development  25% 

5.0 

Remediation  25% 

4.8 

TOTAL  SCORE 

4.9 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good; 
3:  Average;  2:  Below  average;  1:  Consistently 
subpar 


database  (PostgreSQL  by  default,  but 
Oracle  also  is  supported)  server  stores  all 
the  data,  both  raw  and  analyzed. 

Preventsys  shipped  three  Shuttle  sys¬ 
tems  containing  2.4-  or  2.8-GHz  Pentium 
4  processors,  each  with  1G  byte  of  RAM 
for  our  testing,  but  customers  only 
receive  the  software  and  professional  ser¬ 
vices  for  installation. The  Web  interface  is 
intuitive  and  easy  to  use.  We  created  new 
users,  defined  networks  and  hosts,  and 
launched  a  scan  in  a  matter  of  minutes. 

We  were  impressed  with  the  level  of  de¬ 
tail  at  all  configuration  levels.  For  exam¬ 
ple,  user  permissions  are  segregated  be¬ 
tween  scanning,  analysis,  reports,  remedi¬ 
ation  updates  and  remediation  assign¬ 
ment  activities.  This  segregation,  com¬ 
bined  with  definable  network/host  per¬ 
missions,  means  you  could  tailor  its  secu¬ 
rity  parameters  to  fit  almost  any  organi¬ 
zational  structure. 

Preventsys  includes  an  array  of  default 
policies,  such  as  the  SANS  Top  20  and  or 
your  own  list  of  e-commerce  servers.  A 
number  of  policies  also  are  developed 
from  National  Security  Agency  and 
National  Institute  of  Standards  and  Tech¬ 
nology  guidelines.  Additional  policies 
that  Preventsys  developed  are  included 
in  the  built-in  Policy  Library  Update  func¬ 
tion  of  the  product.  A  rollback  function 
also  is  available  for  easy  removal. 

Preventsys  provides  several  methods  to 
create  and  update  policies.  The  most 
direct  is  to  modify  the  XML  code  yourself. 
For  a  more  template-driven  approach,  the 
Web  interface  includes  some  policy 
development  functionalityA  third  option 
is  to  use  the  separate  Windows-based  Pol¬ 
icy  Lab  application  that  Preventsys  pro¬ 
vides  to  design  and  create  new  policies. 

Preventsys  can  be  configured  in  a  num¬ 
ber  of  ways,  support  myriad  scan  reports 
in  XML  and  run  any  policy  created 
against  any  scan  data.  A  strong  feature  is 
the  ability  to  re-analyze  scan  data,  mean¬ 
ing  you  can  run  a  policy  comparison 
against  scan  data  at  any  time. This  works 
great  for  those  companies  that  have  spe- 


How  we  did  it 


We  set  up  the  three  Preventsys  servers  on  our  test  network.  After  log¬ 
ging  on  with  the  default  user,  we  created  our  own  administrator, 
defined  our  lab  network  and  launched  a  full  network  scan.  Our  test 
network  is  running  a  variety  of  systems  and  devices  including  Cisco  switch¬ 
es,  Cisco  routers,  NetScreen  Technologies  firewall,  VPN  gateways,  Solaris 
servers,  Linux  servers  and  Windows  2000/XP  systems. 

We  then  defined  additional  users,  individual  hosts  and  various  network  seg¬ 
ments.  We  also  modified  existing  policies  and  created  our  own  policies.  After 
scheduling  scans  and  waiting  for  them  to  complete,  we  generated  a  number  of 
different  reports  and  re-analyzed  the  scan  data  with  different  policies. 

From  our  scan  results,  we  assigned  tasks  to  various  users  and  then  had  dif¬ 
ferent  users  view  and  modify  the  tasks  assigned  to  them. 


cific  windows  for  systems  scans,  but 
might  need  to  check  new  policy  compli¬ 
ance  at  any  time. 

Reporting  is  another  strong  point  of 
Preventsys.  The  system  includes  a  num¬ 
ber  of  default  reports,  including  execu¬ 
tive  summaries,  compliance,  trends,  reme¬ 
diation  tasks  and  individual  network/ 
host  reports.  Each  report  can  be  pub¬ 
lished  so  it  is  easily  accessible  through 
the  administration  interface.  Additionally 
reports  can  be  exported  to  a  PDF  and 
saved  offline. 

Preventsys  has  integrated  the  ability  to 
calculate  your  financial  risk.  When  defin¬ 
ing  assets  within  the  system, you  can  enter 
the  cost  of  the  system  in  terms  of  the 
price  of  the  machine  or  the  value  of  the 
data  on  that  machine.These  numbers  are 
used  during  the  report-generation  phase 
to  calculate  various  risk  levels  if  either  the 
machine  or  its  data  is  compromised. 

Remediation  assignments  —  where 
you  define  who  on  your  staff  is  responsi¬ 
ble  for  fixing  certain  vulnerabilities  — 
are  easily  managed  through  the  system. 
Because  Preventsys  supports  a  number 
of  different  tools, you  can  hand  out  reme¬ 
diation  assignments  for  vulnerabilities 
detected  from  multiple  scanners  from 
this  central  place.  Once  assigned,  the 
assignee  then  can  update  the  task  with 


the  results  of  their  investigation  and  note 
any  action  taken  as  a  result. 

Preventsys  also  can  include  a  wireless 
module  that  will  analyze  a  wireless  infra¬ 
structure  for  security  weaknesses.  We  did 
not  test  this  module. 

Overall,  Preventsys  provides  a  strong 
central  control  point  for  vulnerability 
analysis,  policy  compliance,  remediation 
tracking  and  reporting.  With  the  growing 
list  of  security  requirements,  centralized 
policy  compliance  reporting  eases  the 
job  of  security  managers. 

Andress  is  president  of  ArcSec  Technol¬ 
ogies,  a  security  company  focusing  on 
product  reviews  and  analysis.  She  can  be 
reached  at  mandy@arcsec.com 


Global  Test  Allia 


■  Andress  also  is  a  member  of  the 
Network  World  Global  Test  Alliance,  a  coop¬ 
erative  of  the  premier  reviewers  in  the  net¬ 
work  industry,  each  bringing  to  bear  .years 
of  practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 
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Increased  accountability 

Give  your  business  units  an  internal  service-level  agreement  to  demonstrate  IT  performance. 


■  BY  LARRY  SHOUP 

In  todays  world,  IT  must  do  more  than  simply  manage  technology; 
it  must  deliver  quality  services  in  line  with  business  objectives. 
Internal  service-level  agreements  between  IT  departments  and  the 
business  units  they  serve  are  an  integral  part  of  the  process. 


An  internal  SLA  is  a  published  guaran¬ 
teed  level  of  service  that  IT  gives  to  each 
business  unit  it  supports.  For  example,  the 
IT  department  of  a  financial  services  firm 
would  have  separate  SLAs  for  the  invest¬ 
ment  banking  and  human  resources  de¬ 
partments.  Both  are  essential  to  the  com¬ 
pany,  but  the  requirements,  priorities  and 
amount  of  IT  resources  they  need  differ. 

Properly  executed  internal  SLAs  benefit 
both  parties.They  help  IT  prioritize  its  work¬ 
load  and  perform  future  capacity  planning. 
SLAs  are  also  an  important  tool  for  manag¬ 
ing  expectations,  demonstrating  perfor¬ 
mance  and  enhancing  IT’s  credibility  with 
the  rest  of  the  business. 

From  the  business  standpoint,  internal 
SLAs  lead  to  greater  accountability,  im¬ 
proved  productivity  and  increased  confi¬ 
dence  that  the  company  is  getting  the  most 
from  its  IT  investment. 

Here  is  some  practical  advice  culled  from 
the  experience  of  working  with  dozens  of  IT 
departments  that  have  successfully  imple¬ 
mented  their  own  internal  SLAs. 

Start  small.  Begin  the  process  by  estab- 


•  Start  small.  Keep  it  simple  and  identify 
the  most  important  metrics  in  the  SLA. 

•  Understand  and  agree  on  the  require¬ 
ments,  one  department  at  a  time. 

•  Control  expectations  regarding 
service.There  is  a  big  difference 
between  ‘‘desirable"  and  "acceptable.” 

•  Put  your  money  where  your  mouth  is. 
Include  penalty  terms  to  force 
everybody  to  take  the  SLA  seriously. 

Use  business  metrics  that  are 
communicated  easily  and  that  users 
can  understand. 

•  Find  the  right  tool  to  help  you  automate 


lishing  agreements  for  one  or  two  mis¬ 
sion-critical  services  that  can  be  closely 
monitored, such  as  network  availability  or 
help  desk  response.  Mean-time-between- 
network  outages  or  average  help  desk 
issue  resolution  time  are  some  sample 
metrics  you  can  use  (see  list,  right). 

With  some  experience,  you  can  extend 
coverage  to  other  groups  of  services  that 
encompass  an  entire  business  process, 
such  as  an  employee  Web  portal. This  por¬ 
tal  might  consist  of  several  IT  compo¬ 
nents,  such  as  Web  servers,  databases,  net¬ 
work  bandwidth  and  storage  that  all  can 
be  monitored  under  an  SLA. 

Meet  with  the  department  heads  and 
end  users  to  elicit  their  input.  What  level 
of  service  do  they  expect?  Are  they  will¬ 
ing  to  pay  a  bit  more  for  a  higher  standard 
of  service?  Business  managers  are  used  to 
making  trade-offs  between  price  and  per¬ 
formance,  and  must  choose  between  a 
premium  but  more  costly  service  vs.  a 
less-expensive  option  that  covers  the 
basics.  If  you  don’t  have  a  thorough 
understanding  of  what  the  business  units 


service-level  management. 

•  Make  SLAs  a  continuous  improvement 
process,  constantly  refining  and 
redefining  as  needed. 


need  from  a  service,  you’ll  never  be  able 
to  set  the  right  service-level  objectives 
and  satisfy  their  requirements. 

To  be  taken  seriously  internal  SLAs  need 
to  have  some  teeth,  which  means  some 
sort  of  penalty  for  non-compliance  has  to 
be  in  force.  With  external  service  pro¬ 
viders,  these  typically  involve  the  reim¬ 
bursement  of  a  portion  of  the  service  fee 
for  the  affected  service. 

With  internal  agreements,  there  also 
should  be  a  penalty  but  it  does  not  nec¬ 
essarily  have  to  be  financial,  such  as  a 
chargeback  “credit,”  as  long  as  the  IT 
department  accepts  responsibility  for 
the  violation.  The  penalty  should  reflect 
whatever  internal  processes  you  have 
developed  to  ensure  accountability,  but 
without  handicapping  IT  from  fulfilling 
compliance. 

One  IT  executive  we  know  gained  tre¬ 
mendous  respect  for  his  department  by 
e-mailing  a  formal  apology  to  the  affected 
department  heads  whenever  there  was  a 
service  shortfall. 

Next,  make  sure  data  is  easily  understood. 
All  too  often,  when  business  managers  ask 
for  service-level  reports,  they  receive  raw 
performance  data  that’s  irrelevant  to  them. 
What  they’re  really  looking  for  are  business 
metrics  such  as  availability  response  times 
and  cost  of  service  delivery  reported  on  a 
monthly  weekly  or  even  on-demand  basis. 
Reports  need  to  be  presented  in  meaning¬ 
ful  terms  that  present  service  levels  from 
the  end  user’s  viewpoint,  not  the  IT  admin¬ 
istrator’s.  For  example, “MIPs  per  day”  is  gib¬ 
berish  to  the  end  user  and  not  very  defen¬ 
sible  when  there  are  real  or  perceived  ser¬ 
vice  violations. 

A  sample  of  SLA  business  metrics  would 

include: 

•  Resource  availability  and  utilization. 

•  Cost  of  service  delivery 

•  System  failure/disruptions. 

•  Time  to  repair/restoration. 

•  Business  impact. 

•  Penalty  calculation. 

•  Departmental  chargeback. 

•  Satisfaction  ratings. 

Like  other  business  and  technical 
processes,  internal  SLAs  aren’t  perfect  at 
their  inception.  They’re  refined  and  im¬ 
proved  over  time.  The  internal  SLA  life 
cycle  includes  creating  the  SLA  package 
(service  definition,  service-performance 
level  and  service  cost);  monitoring  and 


SLA  statistics 

In  creating  an  SLA,  some  metrics 

that  can  be  used  include: 

•  Application  availability. 

•  Application  response  time. 

•  Help  desk  availability. 

•  Help  desk  response/resolution  time. 

•  Server  availability. 

•  Server  response  time. 

•  Network  availability. 

•  Web  site  availability. 

•  Web  site  response  time. 

•  Database  availability. 

•  Database  response  time. 

•  Mainframe  availability. 

•  Batch  job  completion  time. 

•  End-user  response  time. 

•  Service  provisioning  time. 

enforcing  the  SLA;  assessing  and  refining 
the  service  levels;  and  analyzing  and  re¬ 
assessing  the  business  unit’s  service-level 
requirements.  This  is  a  continuous 
process  that  leads  to  improvements  in  the 
level  of  service  that  the  business  unit 
receives  and  the  efficiency  with  which  it’s 
delivered. 

Above  all,  keep  in  mind  that  internal  SLAs 
are  not  a  panacea.They  will  not  magically 
transform  unhappy  users  into  satisfied  cus¬ 
tomers  or  infuse  senior  management  with 
glowing  confidence  in  IT’s  performance. 
Instead,  internal  SLAs  are  a  key  step  toward 
greater  user  satisfaction  and  aligning  IT 
operations  with  business  goals. 

By  focusing  on  business  requirements 
and  presenting  IT  performance  in  busi¬ 
ness  terms,  internal  SLAs  play  an  impor¬ 
tant  role  in  demonstrating  IT’s  value  to 
the  business.  They’ve  helped  many  IT 
organizations  achieve  cost  savings, 
respect  and  value. 

Shoup  is  CEO  of  service  management  soft¬ 
ware  vendor  iCan  Sf?  a  subsidiary  of 
Computer  Associates.  He  can  be  reached  at 
larry.shoup@ca.  com. 


Forging  an  agreement 

Here  are  some  steps  you  can  take  in  carrying  out  an  internal  SLA: 
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Custom  Management  Levels 

OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 

EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RMON1,  RMON2,  HCRMON 

•  Web  Publishing  Reports 


Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 

GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack- mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


US  &  Canada  Toll  free:  (800)  526-5958  •  Fax:  (952)  932-9545  •  UK  &  Europe:  +44  (0)  1959  569880 


One  Network  /£/  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 

NETWORK'  ^  mef 


OBSERVER 


iest-arive  tne  new  uoserver  9.0  today  ana  see  now  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


Introducing  Observer  9.0 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer.  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


Need  SSH  Console  Management? 


SSH  or  Out-Band  Access  to 
Consoles  at  Remote  Locations 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  1 1 5/230VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the  Visit  WBDSltB  lOf  COmplBtB  NBtnBdCn  ptOuUCt  IIIIB. 

SCM-16  serial  outputs. 


(800)  854*7226  •  www.wti.com 

5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 
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Local  or  Remote  Server  Management  Solutions 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Ultra  Matrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  up  to  lOOO  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

Free  lifetime  upgrade  of  firmware 

Security  features  prevent  unauthorized  access 

Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 

simultaneous  booting 

Easy  to  expand 

(£}A  rand 


•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 


RackVIew™ 

KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


800  333  9343 

WWW.ROSE.COM 


ELECTRONICS 


Rose-fiectrorrics  is  privately  held  with  worid- 
he.gdquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
gesellers  and  Distributors.  Rose  has 
•/operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia; 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 


:  lHH 


Save  40-70%  on  Network  Equiprri 


Refurbished  Routers,  Switches, 

/Access  Servers  anc  Modules. 


Trust  .Value  // 

Quality  Parts. Great  Prices 


Trust  the  Experts 

Continental 


Call  today  for 
10%  off  1  item  (Up  to  $500)* 
*  A/e  w  customers  only. 


www.  conticomp.  com 
COMPUTE RS ,m  Call  us:  (310)  416-1200 


WWW.SUITCASE.COM 


Luggage,  Fine  Leather  Goods,  Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo,  Samsonite,  Cross 

10%  discount  for  Network  World  readers 
Enter  code  NWW2004 


^  Attention  Resellers! 


5ECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  S0NICWAU 
Security  Products! 

•  Inventory  on  hand 

•  Aggressive  prices 

•  Added  margins  with  training 

•  Pre  sales-Post  sales  support 

Securematics  is  a  SonicWALL  Authorized  Distributor 
And  Authorized  Training  Partner. 


To  sign  up  for  the  Medal  ion  Partner  Program,  please  contact  us. 


Call  -  888-746-6700  sales@securematics.com  www.securematics.com 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


Nortel  Baystack 
450-24T  Switch  Reg.  $695 


Cisco 

WS-C1924C-EN  Reg.  $350 


Fax  Equipment  List 
To  801-377-0078 

N0RTEL 

NETWORKS 


Bay  Networks^ 

usee  Suites 

'3! 


Cisco  2501  Reg.  $275 


caaeTRon 

_ _ _ svsrems 


888-8LANWAN 

r  Free  Quote!  (888-852-6926)  www.nle.com 
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Protect  your  server  room  with 
a  Weather  Duck  Climate  Monitor 

— •  Temperature 
— •  Humidity 
•  Air  Flow 
— •  Light  Level 
— •  Doors  Open 

-•  Camera  °Ptional  Wpathp/W 

^  Sound  Level  Duck^ 


51  2.345.81  89 
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IT 


Advertising  Supplement 


IT  Careers:  IT's  Premier  Leaders  Identify  Top  Professional  Requirements 


While  some  of  the  nation's  leaders  are  quick  to 
identify  the  top  technical  skills  needed  for  IT 
professionals,  they  are  more  vehement  and 
passionate  about  what  they  consider  to  be  a 
missing  skill:  communication. 

The  hue  and  cry  from  five  of  the  premier  leaders 
in  IT  is  that  information  technology  professionals 
must  be  able  to  communicate  ideas  effectively  to 
non-technical  users,  that  they  must  be  able  to  write 
coherently  and  that  they  must  be  able  to  put  on  the 
face  of  the  end-user,  identifying  how  best  to  adapt 
technology  and  assure  that  users  can  access  it  with 
minimal  training. 

Brian  Leinbach,  CTO  for  Delta  Technology  (Delta 
Air  Lines'  IT  function)  says,  "Your  technical  ability 
has  no  value  if  you  can't  communicate  the  business 
relevance  of  it.  With  technical  degrees,  graduates 
get  maybe  two  semesters  of  English,  yet  in  the  real 
world  it's  the  first  thing  you  have  to  do." 

Of  course,  Leinbach  and  other  top  leaders,  also 
know  the  technical  challenges  that  exist  -  and 
provide  exciting  opportunities  for  IT  professionals. 
"We  have  a  great  emphasis  on  real-time 
computing,"  he  says.  "We  need  processes  and 


solutions  that  enable  decision  making.  In  airlines, 
things  have  grown  more  complicated  by  our  drive 
to  want  to  compress  time  -  for  us  that  means  every 
system  that  enables  a  flight." 

Harry  Roberts,  senior  vice  president  and  CIO  for 
Boscov's  Department  Stores,  says  the  hottest  skills 
for  IT  professionals  will  be  networking,  database 
administration  and  continued  focus  on  JAVA,  J2EE 
and  XML  languages.  "These  are  the  skills  that  hit 
business  right  where  they  live  -  data  and 
communications." 

In  the  healthcare  industry,  the  use  of  wireless 
technologies  "is  exploding,"  according  to  Linda 
Reino,  CIO  at  Universal  Health  Services  Inc.  "It's  all 
about  mobility  for  the  healthcare  provider.  That 
means  using  browser-based  technologies  in  an 
intuitive  way  that  reduces  training.  In  developing 
these  technologies  (such  as  tablets,  PDAs,  laptops), 
the  IT  professional  has  to  stop  dreaming  and  get 
down  to  the  real  operational  issues  of  how  often 
that  nurse  or  doctor  puts  the  mobility  device  down, 
its  susceptibility  to  loss,  theft  or  corruption  of  data. 
That  also  implies  a  real  need  for  security  of 
information  and  data,  too." 


Mark  Hedley,  senior  vice  president  and  CTO  at 
Wyndham  International,  points  out  that  the  skills 
required  for  technical  vs.  business  IT  roles  are 
different.  "If  you  favor  the  highly  technical  route, 
the  ability  to  gain  as  much  knowledge  about  that 
specialty,  such  as  J2EE  development,  IP  networks, 
telephony,  and  how  best  to  apply  it  is  going  to  be 
very  beneficial.  I  describe  these  individuals  as  an 
inch  wide  and  a  mile  deep."  Hedley  points  to 
technical  needs  in  advanced  network  engineering 
skills,  as  well  as  certifications  from  Cisco. 

The  management  track,  on  the  other  hand 
requires  skills  in  leadership,  management,  human 
resources,  legal,  financial,  operational  and 
relationship  building.  "These  individuals  have 
technical  skills  that  are  a  mile  wide  and  an  inch 
deep  and  will  seek  the  best  technical  resources  to 
form  a  team" 

For  more  information  about  IT  Careers  advertising, 

please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 
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Principle  Network  Engineer 


Responsible  for  next  generation  network  tech¬ 
nology  options;  developing  high  performance 
data/voice/video  designs;  strategic  analysis, 
plan  and  design  of  enterprise  communications 
architecture  which  integrates  voice,  data  and 
video  communications  technology.  Participates 
in  enterprise  information  technology  initiatives; 
design  building  and  installation  of  complex  net¬ 
work  environments.  Must  understand  the 
mechanics  of  network  transmission  at  all  7  lay¬ 
ers  of  the  OSI  model;  experience  in  coordina¬ 
tion,  advising,  consulting,  and  general  network 
implementation,  design  and  security  concepts. 
Fingerprinting/background  check  required. 

For  more  information  and  to  apply,  go  to: 

http://ucsfhr.ucsf.edu/careers 


[JCSF 

Apply  specifically  to  requisition  8290BR. 


OUR  PEOPLE  MAKE  THE 

Difference  WAL*MART 


Stores,  Inc. 


We’re  Looking  for  the  Future  Leaders  of  Tomorrow 


Wai-Mart  Stores,  Inc.  has  been  recognized  by  Fortune 
Magazine  as  the  most  admired  company  in  the  world. 
As  our  company  continues  to  expand,  so  does  the 
opportunity  for  first-class,  talented  people  to  guide 
the  future  of  one  of  the  most  successful  and 
innovative  growth  companies  in  the  world. 

Put  your  career  on  a  fast  climb  and  help  us  continue  to 
set  the  industry  standard  in  information  technology. 

•  UNIX  -  C,  C++,  Administration,  Engineering, 
Informix  DBAs 

•  NT  Workstation  -  VB,VC++,  Java,  ASP,  XML 

•  JBM  Mainframe  -  COBOL,  CICS,  DB2  and 
IMS  DBAs 

•  Networking  -  Ethernet,  VSAT,  Frame 
Relay,  ATM 

•  Telecommunications 

All  positions  are  located  in  Bentonville,  AR. 


Ready  to  do  it  all?  Candidates  interested  in  joining 
our  team  should  forward  a  resume  to: 

Wal-Mart  Information  Systems  Division 
Attn:  Recruiting  Department 
805  Moberly  Lane  M4I 
Bentonville,  AR  72716-0560 
E-mail:  ISDADS@wal-mart.com 

For  more  information,  visit 
www.walmartstores.com 


WaFMart  Is  An  Equal  Opportunity  Employer.  M/F/D/V 
‘2000  Wal-Mart  Stores,  Inc. 
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DATA  WAREHOUSE 
SPECIALIST 

Resp  fci  dsgng,  implmntng  & 
supporting  bus  -oriented  data 
warehousing  projects  for  co's 
clients.  Specific  duties  include: 
0)  implmntng  bus  rules  via 
storad  procedures,  middleware 
or  other  related  technologies;  (ii) 
defining  user  interfaces  &  func¬ 
tional  specs  based  on  client's 
bus.  needs,  (iii)  verifying  accura¬ 
cy  of  data.  &  (iv)  maintaining/ 
supporting  data  warehouse  & 
end-users.  Bach,  degree  (or 
equiv.)  in  Comp.  Sci.,  Math, 
Engnrg,  Bus.  or  Commerce  +  2 
yrs  exp.  in  position  offered  or  as 
a  Software  Engnr,  Prog./Sys. 
Analyst  or  Data  Architect  reqd. 
Exp.  must  include:  (a)  UNIX  NT 
or  Windows  or  LINUX;  (b) 
PL/SQL  or  T-SQL,  (c)  Oracle  or 
Sybase  or  SQL  Server  or  DB2; 
(d)  Informatica  or  Cognos  or 
Brio;  &  (e)  knowledge  of  ETL 
(extract,  transform  and  load). 
High  mobility  preferred.  40 
hrs/wk,  8am  -  5pm,  $66,730/yr. 
Qualified  applicants  please  sub¬ 
mit  resume  to:  Mon  Valley 
Regional  CareerLink,  Attn;  Actg, 
CL  Program  Supervisor,  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora,  PA  15033. 
Please  refer  to  Job  Order  No. 
WEB  387720. 


Programmer  Analyst;  Design/ 
impl.intranet/client-server/ERP 
appls.  in  HP-Unix  /  Win2000 
env.  w /  Oracle  db  as  backend. 
Prepare  project  estimation  /  sys. 
prospectus,  TSD  &  SRS  using 
MS/Project2000;  generate  use 
case/class  diagram  w/  Together- 
J;  deploy  J2EE  compts  incl. 
EJB,  Servlets,  JSP,  DAO,  JDBC. 
JNDI  in  WebSphere/WebLogic/ 
iPlanet  appl.  servers  using  XML, 
DHTML,  JavaScript,  Visual  Age, 
&  Jbuilder;  write  Applet  appls.  to 
integrate  MICR  devices,  Bar¬ 
code  Scanner  &  Transaction 
Barcode  Printers  using  COMM, 
API  &  PCL;  develop  appls., 
charts,  forms  and  reports  using 
JetChart,  VB,  Oracle  Financials 
&  Crystal  Report;  and  provide 
tech,  support.  Requires  BS  in 
Comp. Sr.  Engr.  or  MIS  plus  2 
yrs.  exp.  Full  time.  Resume  to; 
HR,  Kelly  Mitchell  Group,  Inc. 
101  S  Hanley  Rd.Ste.1100,  St. 
Louis,  MO63105.  NO  CALL/ 
EOE. 


UmeVoice,  Inc.  seeks  Software 
Engineer  for  Jersey  City  NJ  loc. 
Design  +  dev  speech  enabled 
trading  systems  +  non-speech 
financial  components  on  various 
hardware  +  software  platforms 
incl  Solaris,  Windows  NT/XP, 
Pocket  PC  2002  and  Linux; 
Analyze  complex  financial  needs, 
speech  lingo  +  usage  reqs; 
Identify  problems  to  improve 
existing  systems  +  speech  appli¬ 
cations;  Write  specs  docs;  Work 
on  technologies  incl  Voice  Recog 
(IBM  Viavoic,  Hark),  J2EE,  NET, 
Java,  C++,  C #.  Must  have  BS  in 
Comp.  Sci,  Engineering  or  relat¬ 
ed  field  +  1  yr  relevant  exp  . 
Resume  to  H.R.,  UmeVoice, 
Inc.,  73  Digital  Dr.,  Novato,  CA 
94949. 


Corpus,  Inc.  has  multiple  open¬ 
ings  for  IT  professionals.  Follow¬ 
ing  skills  preferred:  Oracle,  SQL, 
PL/SQL,  COBOL,  C/C++,  VB, 
SAP,  Java,  XML,  ERP,  ASP,  NT, 
XSL.  Minimum  BS  degree.  Tra¬ 
veling  is  required  for  some  posi¬ 
tions  Please  send  resumes  to 

Global  Consulting  is  looking  for 
programmer/system  analysts, 
software  engineers  Candidate 
must  have  BS  with  IT  experi¬ 
ence  Good  skills  in  C/C++, 
Java,  Oracle,  EJB,  J2BB,  Web- 
Logic,  VB.  HTML  are  plus. 
Traveling  is  required  for  some 
positions.  Apply  job@g-C-fl.net 
EOE.  No  calls 


SOFTWARE  DEVELOPERS. 
Develop  standard  features,  inter¬ 
faces  and  complex  modules  for 
existing  or  new  software  prod¬ 
ucts  to  provide  major  feature 
implementation  to  client  base  of 
standard  customers.  Actively 
participate  in  innovative  new  de¬ 
signs,  technologies,  research 
projects  and  their  implementa¬ 
tions.  Learn  new  proprietary 
technologies  and  development 
tools,  developed  in-house,  as 
well  as  adapt  to  non-SQL  type 
databases.  Effectively  convey 
expert  research  findings  on  com¬ 
plex  technologies  to  a  wide  audi¬ 
ence.  In  order  to  emphasize 
quality,  provide  clear  and  com¬ 
plete  models  and  documenta¬ 
tion.  Develop  utilities  to  assist  in 
the  quality  control  of  the  features 
developed  (multiple  openings). 
Requires  B.S.  in  Computer  Sci¬ 
ence  or  related  field;  5  years  of 
experience  in  job  offered  or  in 
software  consulting;  must  have  5 
years  experience  programming 
in  Delphi;  experience  must  also 
include:  3  years  working  with 
SQL  databases  (Sybase,  Micro¬ 
soft  SQL  Server,  Oracle);  devel¬ 
oping  client/server  applications  - 
both  2  tier  and  3  tier;  develop¬ 
ment  of  middleware  technologies 
(MIDAS,  COM,  CORBA,  CGI, 
ISAPI);  and  development  in  a 
Web  environment  (Active  Server 
Pages,  JavaScript).  Must  have 
proof  of  legal  authority  to  work  in 
the  United  States.  Send  resume 
with  Social  Security  Number  to 
Andrea  Weston,  Ontario  Sys¬ 
tems,  1150  West  Kilgore  Avenue, 
Muncie,  IN  47305. 


V.L.S.  Systems  is  a  software 
development  and  consulting  co 
with  multiple  openings  for  Soft¬ 
ware  Engineers,  DBA's,  Pro¬ 
grammer  Analysts,  QA  Testers 
and  Project  Managers  to  work 
at  client  sites  in  VA,  IL,  PA  and 
other  sites  throughout  the  U.S. 
Individuals  must  have  a  mini¬ 
mum  of  a  Bachelor  Degree  and 
two  years  relevant  experience. 
We  are  seeking  individuals  with 
various  combinations  of  the  fol¬ 
lowing  skills:  Siebel,  Oracle 
Apps,  Peoplesoft,  SAP,  MS 
SQL,  SCADA,  DB2,  Sybase, 
Abinitio,  Tuxedo,  OLAP,  ETL 
development,  Business  Miner, 
VSAM,  Mercator,  Endevor, 
SeeBeyond,  C#,  C++,  VC++, 
ASP.NET,  .net  technologies, 
Business  objects,  Java,  J2EE, 
JNDI,  Java  Script,  EJBs,  Cold¬ 
fusion,  Peri,  HTML,  Cobol, 
CICS,  MVS/ESA,  Unisys, 
COM+,  MTS,  Cognos,  Web¬ 
sphere,  Weblogic,  WSAD, 
MVC  Architecture,  Unix,  Win¬ 
dows  NT,  embedded  related 
tools.  Apply  to:  V.L.S  Systems, 
9900  Main  St,  Suite.  304, 
Fairfax,  VA  22031. 


PROGRAMMER  ANALYSTS 
for  Cheyenne,  WY  office.  Devel¬ 
op  &  maintain  software  applica¬ 
tions  using  Oracle,  SQL  Server, 
Erwin,  Linux,  Sybase,  XML, 
UML,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  Plum- 
tree,  PVCS,  UNIX.  Bachelors  or 
Equivalent  reqrd  in  Computers, 
Engineering,  Math  or  related 
field  of  study  +  lyrs  of  related 
exp.  40  hrs/wk;  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR 
Manager,  Globalways,  Inc, 
39176  B,  State  St,  Fremont,  CA 
94538. 


PROGRAMMER  ANALYSTS 
for  Cheyenne,  WY  office.  De¬ 
sign  &  Develop  software  appli¬ 
cations  using  C++,  Oracle, 
Sybase,  XML,  UML,  Coolgen, 
Interwoven,  ClearCase,  Clear¬ 
Quest,  PVCS,  UNIX.  Bachel¬ 
ors  or  Equivalent  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yrs 
of  related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work 
permanently  in  the  U.S. 
Contact  HR  Manager,  Global 
Infotech  Solutions,  Inc,  826 
West  Laurel,  Suite  IB, 
Springfield,  IL-62704. 


Computer  Programmers 

Design  and  develop  Data¬ 
warehousing  and  Business 
Intelligence  solutions. 

Min.  Educ.  Bachelor’s 
degree  or  equi.  Some  posi¬ 
tions  require  Master’s 
degree  or  equi.  Min.  Exp.  2 
years.  Job  may  involve 
working  at  various  locations 
throughout  the  US. 

Please  send  resumes  to 
Selectiva  Systems,  Inc. 
3333  Warrenville  Rd., 
Suite  200 
Lisle,  IL  60532. 


Global  Innovative  Solutions,  Inc. 
has  opening  for  Chief  Financial 
Officer  w/Masters  or  equiv  in 
Finance  Admin.  Bach  w/at  least 
5  yrs  progressive  exp  in  job  offd 
or  as  Accounts  Officer  or  CEO 
acceptable.  Responsibilities  incl. 
overseeing  all  corporate  fin'l  & 
acctg  functions  in  US  &  India 
offices,  &  formulating  &  adminis¬ 
tering  co's  overall  fin'l  plans  & 
policies.  Must  have  knowl  of 
Transfer  Pricing,  Concepts  of 
Costing  on  Cost  Drivers,  Mgmt. 
Audit,  &  US  &  Indian  tax  laws,  & 
have  legal  auth  to  work  in  US. 
Excellent  pay  &  benefits.  Email 
resume  w/proof  of  work  status 
to:  gis@global-innovative.com 


Computer 

Channell  Construction  Com¬ 
pany,  Inc.  (Omaha,  NE)  has 
an  opening  for  an  IT  Consul¬ 
tant/Systems  Analyst  with 
the  following  skill  sets:  C++, 
Visual  Basic,  Java,  Java¬ 
Script,  Oracle,  HTML,  ASP, 
Photoshop,  UML,  Microsoft 
Office  Package,  Windows 
NT  &  2000,  UNIX,  TCP/IP, 
with  1-3  yrs  of  exp  with  rele¬ 
vant  degree.  Top  $$.  Mail 
resume  to:  5697  N  13th  St., 
Omaha,  NE  68110.  An  EEO 
Employer. 


Software  Engineer 
needed  w/exp  in  using 
Java,  JFC,  Swing, 
AWT,  Windows,  GUI, 
Java-Doc,  HTML, 
UML,  i18  architecture, 
XML,  SAX  &  DOM 
parsers.  Mail  resumes 
to:  Ebusinesscorp  Inc., 
209  West  Central  St., 
Suite  #106,  Natick,  MA 
01760. 


Computer:  Software  Engin¬ 
eers  needed.  Seeking  can¬ 
didates  with  BS  or  equiv. 
and/or  rel.  work  exp.  De¬ 
velop  software  system  & 
applications  using  ESM  w / 
client  to  improve  technology 
&  human  resource  interfac¬ 
ing;  Analyze  &  design  pro¬ 
grams  to  meet  user  needs. 
Mail  res.,  ref.  &  trans.,  & 
Sal.  Req.  to  L-Cube 
Innovative  Solutions,  Inc.,  2 
Enterprise  Dr.,  Suite  303, 
Shelton,  CT  06484. 


Software  Engineers/Data  Base 
Design  Analysts,  Cheyenne,  WY 
-  Analysis,  Design.  Develop¬ 
ment,  Testing  and  Imple¬ 
mentation  of  computer  software 
systems,  applications  and  data¬ 
base  systems.  B.S.  in  Computer 
Science,  Eng.,  or  related  field 
with  experience  in  C,  C++,  ASP, 
VSS,  SQL  Server,  XML,  and 
.NET.  Mail  resume  to 
DatamanUSA,  LLC,  Attn.  HR, 
1107,  West  Sixth  Avenue, 
Cheyenne,  WY  82001  or  email 
to  Jobs_WY@datamanUSA.com. 


R  &  D  PROGRAMMER  - 
Research,  develop,  program  & 
test  web  applications  in  English 
&  Korean  using  Perl,  CGI, 
HTML,  Coldfusion  &  MySQL  on 
Windows  &  Linux;  QA,  debug, 
test  &  create  reports;  Identify 
program  modules  &  research  for 
web  site  development;  On-line 
tech  support  &  solutions  in 
English  &  Korean;  Require:  B.S. 
in  Comp.  Sci.  or  IT  &  2  yrs.  exp. 
in  job  offered.  40  hr/wk.  Res: 
President,  300  Colonial  Cntr. 
Pkwy.  #150,  Roswell,  GA  30076. 


Seeking  DBAs  &  Oracle 
DBAs  (S70-75K),  Oracle 
ProC  Developers  & 
Systems  Analysts  ($83- 
85K)  for  various  US  loca¬ 
tions.  BS/BA  in  relevant 
field  +  2yrs  exp.  Resume  to 
Upp  Business  Systems, 
3075  Highland  Parkway, 
Downers  Grove,  IL  60515. 


Programmers  to  design  software 
appls  using  RDBMS,  Oracle 
Databases,  lnformix-4GL,  Infor¬ 
mix  Online,  SQL  Server,  VB, 
Power  Builder,  etc.  under  UNIX 
OSs;  program,  test  and  debug 
user  interfaces  and  supporting 
database  objects;  analyze,  re¬ 
view,  and  rewrite  programs  to 
increase  operating  efficiency 
and  adapt  program  to  new  reqs. 
Require  candidates  with  BS  or 
foreign  equiv.  in  CS/Engg.  (any 
branch)  &  1  yr  exp.  in  IT.  Com¬ 
petitive  salary,  F/T,  travel  in¬ 
volved.  Resume  to  HR, 
Ordusion  Technologies,  Inc., 
3883  Rogers  Bridge  Road,  Suite 
504,  Duluth,  GA. 


Website  Designer 

Design  websites  in  French, 
French/Japanese,  and  English 
Japanese  using  HTML,  Adobe 
Photoshop,  Adobe  Illustrator, 
Macromedia  Fireworks,  Mac¬ 
romedia  Dreamweaver,  Mac¬ 
romedia  Flash,  QuarkExpress, 
Microsoft  Word,  Microsoft  Ex¬ 
cel,  Microsoft  PowerPoint,  PC 
and  Mac  platforms.  Min:  BA  in 
French  or  Japanese.  40  hr/M- 
F.  Send  resume:  Symbiosis 
Systems,  Inc,  7094  Peach¬ 
tree  Ind.  Blvd.,  Suite  370, 
Norcross,  GA  30071-1024. 
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Prog/Analysts  to  analyze,  de¬ 
sign,  develop  and  implement 
client  server,  web  appls  using  C, 
C++.  Java,  Swing,  XML.  HTML, 
JDBC,  HTML,  JavaScript,  JSP. 
ASP,  EJB,  J2EE,  Oracle,  PL/ 
SQL,  Websphere,  Weblogic  un¬ 
der  UNIX/Windows  OS;  docu¬ 
mentation  program  develop¬ 
ment,  logic,  coding  and  correc¬ 
tions;  provide  customer  support 
and  troubleshoot.  Require:  BS 
or  foreign  equiv.  in  CS/Engg. 
(any  branch)  with  2  yrs  of  exp.  in 
IT,  Travel  Involved.  Comp. 
Salary.  F/T.  Resumes  to:  HR, 
Synergy  America,  Inc.,  6340 
Sugarloaf  Parkway,  Ste  140, 
Duluth,  GA  30097. 


PROGRAMMER  ANALYSTS 
for  Casper,  WY  office.  Design 
&  Develop  software  applica¬ 
tions  using  C++,  Oracle, 
Sybase,  XML,  UML.  Coolgen, 
Interwoven,  ClearCase,  Clear- 
Quest,  Plumtree,  PVCS,  UNIX. 
Bachelors  or  Equivalent  req'd 
in  Computers,  Engineering, 
Math  or  related  field  of  study 
+1  yrs  of  related  exp.  40 
hrs/wk.  Must  have  legal 
authority  to  work  permanently 
in  the  U.S.  Contact  HR 
Manager,  Allied  Business 
Consulting,  Inc.,  2906  Merry 
Wood  Drive,  Edison,  NJ-08817 


COMPUTERS  -  Sr.  Software 
Consultants  needed.  Seeking 
qual.  cand.  possessing  MS/BS 
or  equiv.  and/or  rel.  work  exp. 
Part  of  the  exp.  must  include  2 
yrs.  working  with  network 
administration  &  1  yr.  working 
with  Unix  system  administration, 
Visual  Basic  &  ASP  (Exp.  can 
be  simultaneous).  Duties  in¬ 
clude:  Design,  develop  &  imple¬ 
ment  IBM  Websphere  software 
products  &  systems;  Work  with 
Visual  Basic,  ASP,  Javascript, 
HTML,  MQ  Series  &  Net. Data. 
Fwd.  resume  &  ref.  to:  e- 
Emphasys  Tech.,  Attn:  HR,  219 
E.  Chatham  St.,  #102,  Cary,  NC 
27511. 


Programmer  Analyst  w/exp 
in  client-server  application 
using  Java,  Oracle,  Oracle 
forms/reports,  VC++,  Visual 
Basic  &  DAO.  Create 
Reports  w/Crystal  Reports. 
Use  ASP,  Perl,  Visual  Basic 
Script,  Java  Script  &  HTML. 
Mail  Resume  to:  Summit 
Medical  Clinic,  PC.,  1605 
North  Union  Blvd.,  Suite 
#200,  Colorado  Springs, 
CO  80909, 


Programmer  Analyst  III.  Pro¬ 
vide  programming  support  for 
mutual  funds,  annuities,  retire¬ 
ment  plans  and  commission 
tracking/payment  systems  in¬ 
cluding  full  life-cycle  application 
support,  analysis,  design,  de¬ 
velopment,  system  modifica¬ 
tion,  testing,  set-up,  reporting 
and  creation  of  documentation. 
Develop  Microsoft  client  server 
and  web  development  solu¬ 
tions  for  company's  customers. 
Must  have  Bachelor's  in  Comp. 
Sci„  Engg.  or  related,  1  yr. 
exp.,  and  knowledge  of 
NaviSys  LifeCAD/MP  (Home 
Office),  Microsoft  SQL  Server 
2000  and  XSLT.  Send  resume 
to:  Connie  Reynolds,  Human 
Resources,  Security  Benefit 
Life  Insurance  Co.,  One 
Security  Benefit  Place,  Topeka, 
KS  66636. 


Prog/Analysts  to  analyze,  de¬ 
sign,  test  client  server/web  appls 
with  OOAD  methodologies  using 
Java,  VB,  EJB,  Servlets,  JScript, 
XML,  HTML,  Oracle,  SQL, 
JDBC,  Access,  Weblogic,  etc  in 
Windows  OS;  analyze  business 
processes,  determine  reqs,  gen¬ 
erate  reports;  perform  onsite/off¬ 
site  maintenance;  document, 
debug,  test,  perform  code  opti¬ 
mization.  Require:  BS  or  foreign 
equiv.  in  CS/Engg  (any  branch) 
&  2yrs  exp.  in  IT.  Competitive 
salary.  Travel  involved.  F/T.  Res¬ 
ume  to:  HR,  Bahwan  Cybertek 
Technologies,  Inc.,  209  West 
Central  Street,  Ste  312,  Natick, 
MA  01760. 


Software  Engineer  wanted 
to  design,  develop,  modify 
and  maintain  e-procure¬ 
ment  solutions,  and  perform 
related  duties.  Master  in 
Computer  Science  and 
experience  required.  Send 
resume  to  ICS,  RO.  Box 
3298,  Johnson  City,  TN 
37602. 


Simplex  Info  Systems  is  an 
Information  Technology  Consult¬ 
ing  Company.  Our  company  cur¬ 
rently  has  opening  for  the  follow¬ 
ing: 

Senior  System  Analysts:  An¬ 
alyze.  design,  develop,  test, 
implement,  maintain  and  sup¬ 
port  application  software  using 
COBOL,  PL/1,  MQ  Series,  IMS 
DB/DC,  J2EE,  SAS.  Requires 
Bachelors  in  Computer  Science/ 
Engineering  or  Related  and  2 
years  experience. 

Send  resume  to:  HR  Manager, 
Simplex  Info  Systems,  Inc.  76 
Northeastern  Blvd.,  Suite  32C 
Nashua,  NH  03062,  or  email  to: 
resumes@simplexinfo.com 


Research  &  Applications  Spec¬ 
ialist  -  Dvlp  large  complex  em¬ 
bedded  real-time  systems  & 
commercial  enterprise  systems. 
Plan  &  direct  dvlpmt,  installation, 
maintenance  &  modification  of 
mission-critical  applies  on  large 
multi-user  systems.  Lead  &  pro¬ 
vide  research  &  engg  direction. 
MS  +  5  yrs  or  PhD  +  2  yrs  exp 
reqd.  Must  have  1  yr  exp  in  C,  in 
C++  &  Java,  6  mos  w/SAGE 
Integration  technologies,  1  yr  in 
DSP  using  VxWorks,  1  yr  in 
enterprise  architectures,  1  yr 
w/source  control  dvlpmt  tools,  & 
6  mos  in  dvlpg  algorithms  spe¬ 
cific  to  resource  optimization 
techniques. 

Software  Architect  -  Research, 
dsgn,  dvlp  &  test  operating  sys- 
tems-level  s/ware,  compilers  & 
n/work  distribution  s/ware  for 
embedded  real-time  &  enter¬ 
prise  applies.  MS  +  3  yrs,  BS  +  6 
yrs  or  PhD  +  1  yr  exp  reqd. 

Must  have  1  yr  exp  w/each  of 
SAGE  Integration  &  SPI  tech¬ 
nologies;  2  yrs  combined  exp 
w/embedded  systems  dvlpmt 
methodologies  &  real-time  oper¬ 
ating  systems  frameworks  incl, 
VxWorks,  PSOS. 

Competitive  Salary  &  benefits. 
Apply  to:  Human  Resources, 
Tandel  Systems  LLC,  12401 
62nd  Street  North,  Unit  201, 
Largo,  FL  33773-3786. 


IndusValley  Consultants,  Inc.,  is 
a  global  IT  systems  integration 
and  solutions  firm  has  openings 
for  the  following:  Software  En¬ 
gineers:  Research,  Architect. 
Integrate  distributed  applications 
utilizing  various  software's  such 
as  SAP  R/3,  Clarify,  Siebel,  Or¬ 
acle  Apps,  Visual  Basic,  Java, 
Tibco.  Provide  leadership  to 
complete  design  solutions,  write 
code,  perform  testing,  provide 
documentation,  and  implement 
development  projects.  Need 
Master's  Degree  in  Computer 
Science  or  related  and  2  years 
of  experience.  Programmer  Ana¬ 
lysts:  Plan,  test  and  develop 
web  applications  for  ERP  and, 
CRM  packages.  Design  and 
develop  client-server  applica¬ 
tions  using  Java,  ASP,  VB,  C, 
Clarify,  Siebel  and  AutoCAD- 
2002.  Interact  with  clients  to 
design  the  functions  of  software 
according  to  client  specifica¬ 
tions.  Need  Bachelor's  Degree 
in  Computer  Science  or  related 
and  2  years  of  experience.  Send 
resume:  HR  Manager:  401  E. 
8th  St.,  Ste.  #  200Y,  Sioux  Falls, 
SD  57103.  E-mail:  sam@lndus 
valley.com  fax:  800-440-1907. 


Sr  Systems  Analysts  to  manage 
projects  to  design,  develop, 
test,  implement,  maintain  and 
support  business  appls  using 
Oracle  Financial  and  Manuf 
appls,  Oracle,  SQL,  Dev  2000 
in  Windows/UNIX  envir;  plan, 
direct,  coordinate  activities  of 
projects  on-time  and  on-budget; 
analyze  business  reqs  of  clients 
and  re-engineer  business 
appls.  Require:  Master's  in 
CS/Business  and  1  yr  exp  in  IT. 
Travel  involved.  F/T  position. 
Competitive  salary.  Resume  to: 
HR,  Quest  America,  Inc.,  211 
East  Ontario  Street,  Suite  1800, 
Chicago,  IL  60611 . 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop  and 
implement  digital  imaging  appli¬ 
cation  software  for  medical 
imaging  devices  using  C,  C++, 
VC++,  MFC,  XML,  COM, 
JavaScript  and  HTML  on 
Windows  2000  platform; 
Implement  an  embedded  mod¬ 
ule  in  Tornado  and  IxWorks  for 
calibration  of  hardware  to 
acquire  cardiac  and  RF  images 
using  COM.  HTML  and 
JavaScript;  Develop  detailed 
design  documents  and  technical 
specifications  as  part  of  DCP 
process  during  product  devel¬ 
opment.  Require:  B.S.  degree  in 
Computer  Science/Engineering, 
or  a  closely  related  field  with  2 
yrs  of  exp  in  the  job  offered;  A 
M.S.  degree  with  a  demonstrat¬ 
ed  ability  to  perform  the  stated 
duties  gained  through  academ¬ 
ic  coursework/previous  work 
experience  will  be  accepted  in 
lieu  of  the  B.S.  degree  and  2  yrs 
of  exp.  Competitive  salary 
offered.  Send  resume  to:  Amy 
Ryan,  Infimed,  Inc.  121 
Metropolitan  Drive,  Liverpool, 
NY  13088;  Attn:  Job  AP. 


SYNAPSE  GROUP,  INC.,  a 
leading  computerized  magazine 
marketing  company,  is  looking  to 
hire  a  qualified  Database 
Administrator  to  set-up  and 
maintain  the  internal  data  ware¬ 
house  database  and  the  related 
IIS  site  functionality;  to  integrate 
the  database/content  serving 
modules  in  both  SQL  Server  and 
Oracle  environments;  and  to 
develop  internet  applications  for 
the  quality  control  and  manage¬ 
ment  of  document  and  market¬ 
ing  accounts.  Qualified  appli¬ 
cants  are  required  to  possess  at 
least  a  Bachelors  degree  in 
Engineering,  Computer  Science 
or  it's  equivalent.  Sound  knowl¬ 
edge  in  internet  applications, 
Java/Java  Servlets,  HTML, 
SQL,  Unix  and  ORACLE  pre¬ 
ferred.  The  company  offers  a 
competitive  compensation/ben¬ 
efit  package  and  an  environment 
where  achievements  are  recog¬ 
nized  &  professional  growth  is 
encouraged.  Qualified  appli¬ 
cants  are  encouraged  to  mail 
resumes  to:  HR  Dept.,  Synapse 
Group,  Inc.,  Four  High  Ridge 
Park,  Stamford,  CT  06905. 


Premier  Technologies,  Inc.,  is 
one  of  the  IT  Industry's  fastest 
growing  leaders.  We  provide 
world-class  services  in  the  area 
of  web-based  applications.  We 
are  'ooking  for  the  following: 

Programmer  Analysts:  Design 
and  develop  in  PeopleSoft  8.x 
HRMS  including  PeopleTools, 
App  Engine,  Component  Inter¬ 
faces,  workflow,  security,  sqrs, 
DB2.  SQL  Server,  Oracle,  UNIX 
and  NT.  Develop  programs  us¬ 
ing  Java,  ASP,  XML,  JavaScript, 
VB  Script  and  Plumtree  portal. 
Requires  a  Bachelor's  in  Com¬ 
puter  Science  or  related  field 
and  2  years  of  experience. 

Send  Resume  to:  Premier 
Technologies,  Inc.  12808  West 
Airport  Blvd.  Suite  #230  Sugar 
Land,  TX  77478.  E-mail: 
info@premierna.com 


Software  Engineer/ 
Programmer  Analyst/ 
Systems  Analyst/ 
Database  Administrator 
(Multiple  Openings) 

Must  have  bachelors  degree  or 
equivalent  and  experience  in 
some  of  the  following  skills:  ERP 
(SAP.  PeopleSoft,  Oracle  Apps. 
Baan),  CRM  (Seibel,  Clarify. 
Vantive),  C/C++,  Java,  Microsoft 
Technologies  (Visual  Basic, 
Net,  ASP).  Data  Warehousing 
Tools  (Informatica,  Data  Stage. 
Abinitio,  Business  Objects,  Cog- 
nos.  Micro  Strategy,  Brio,  SAS), 
Mainframe  (Cobol,  CICS,  JCL, 
VSAM)  AS400,  Databases  (SQL 
Server  /Oracle  /DB2  /  Sybase), 
and  QA  (Win  Runner,  Load  Run¬ 
ner,  Silk)  in  Windows  (95/98/ 
2000/NT/XP)  and/or  UNIX  (Sun 
Solaris/HP/AlX)  and/or  Linux  op¬ 
erating  systems.  Must  be  able  to 
travel  or  relocate  nationwide. 
Attractive  compensation  pack¬ 
age.  Mail  resume  to:  resumes@ 
isrinfo.com  Or  Human  Resourc¬ 
es  Director,  ISR  Info  Way,  Inc., 
559  D'Onofrio  Drive,  Suite  101, 
Madison,  Wl  53719.  Only 
email/mailed  resumes  accepted 
(No  Walk  Ins). 


User  Support  Analyst,  Aurora, 
CO.  BS  Engineering,  Comp. 
Sci.,  CIS  or  equiv.+  1  yr  exp.  in 
the  job  M-F  /  8  am  -  5  pm 
$41,850  per  yr.  Solve  tech  prob¬ 
lems  &  monitor  ntwrk  equipt. 
Maintain  LAN/WAN  security  for 
internal  &  external  users.  Utilize 
in  depth  knowledge  of  trou¬ 
bleshooting  procedures,  routers 
&  routing  protocols.  Use  LAN/ 
WAN  protocols,  ntwrk  cabling, 
(RG  58,  CAT5  &  Fiber  Optic),  & 
existing  security  features.  Co¬ 
ordinate,  requisition  &  doc.  inte¬ 
gration  of  fast  connectivity 
issues  involving  LAN/WAN  & 
RAS  connections.  Utilize  server 
architecture  &  all  RAID  func¬ 
tions.  Implement  system  backup 
&  recovery  according  to  specific 
hdware/sftware.  Resolve  web 
server  probs.  Use  built  in  func¬ 
tions  of  Windows/Unix  systems 
&  architecture.  Must  have  work 
authority.  Resumes  to:  PO  Box 
46547,  Denver,  Co.  80202. 
Refer  to  order  #:  CO5065919. 


SOFTWARE  ENGINEER  to 
design,  develop  and  maintain 
application  software,  LAN  proto¬ 
cols  and  Layer  2&3  features  for 
switches  using  C  on  UNIX  plat¬ 
form;  Perform  hardware  func¬ 
tional  verification  and  software 
testing  using  GDB,  Forth  debug¬ 
ger,  IXIA,  Pagent  and  SmartBits; 
Develop  functional  and  design 
specifications.  Require:  M.S. 
degree  in  Computer  Science/ 
Engineering,  or  a  closely  related 
field  with  two  years  of  experi¬ 
ence  in  the  job  offered  or  as  a 
Programmer/  Analyst.  Extensive 
travel  on  assignment  to  various 
client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Rajender  Gaddam,  Orpine 
Enterprises,  LLC,  1 004  Crooked 
Creek  Court,  Mableton,  GA 
30126;  Attn:  Job  SP. 


KMI,  a  division  of  PAREXEL,  is 
looking  for  an  IS  Consultant, 
Validation  for  its  RTP  office  at 
2520  Meridian  Parkway,  Suite 
200,  Durham,  NC.  Position  will 
provide  broad  range  of  consult¬ 
ing  services  for  IS  &  IT  project 
implementation  and  provide 
consulting  on  appropriate  equip¬ 
ment  validation  strategies,  test¬ 
ing  documentation,  and  SDLC- 
related  documents.  Must  have 
Bachelor's  or  equiv  in  Computer 
Science.  Elect  Engg  or  related  + 
6  yrs  w/  SDLC,  project  manage¬ 
ment,  &  software  quality  assur¬ 
ance  &  implementation.  W/in  6 
yrs,  must  have  1  yr  w/Orade, 
PL/SQL,  SAS  programming,  val¬ 
idation,  Oracle  clinical  based 
research  data  management,  and 
SAS  based  statistical  reporting 
systems  in  a  clinical  field.  Send 
resume  to  HR  -  Job  #102NI, 
KMI/PAREXEL,  195  West 
Street,  Waltham,  MA  02451  or 
HR@parexel.com. 


Manager  of  Client  Services 
The  position  of  Technical 
Manager  requires  the  incumbent 
to  manage  the  staff,  including 
supervisors,  leads  and  associ¬ 
ates.  They  are  responsible  for 
hiring,  performance  appraisals, 
salary  management,  termination 
decisions,  discipline,  counsel¬ 
ing,  training  and  motivating.  In 
addition,  the  Technical  Manager 
will  review  subordinates  perfor¬ 
mance  and  skills  and  recom¬ 
mends  appropriate  training. 
They  are  further  responsible  for 
ensuring  department  resources 
(i.e.  capital  and  staff)  needs  are 
brought  to  the  attention  of  the 
next  level  of  management. 
Must  have  Bachelors  Degree  in 
CS  or  foreign  equivalent  w/abili- 
ty  to  use:  UNIX  and  Progress 
and  the  ability  to  manage  and 
organize  IT  professionals.  40.0 
hrs./wk  9:00  AM  -  6:00  PM  Send 
cover  letter  and  resume  to: 
McCamish  Systems,  LLC,  6425 
Powers  Ferry  Road,  3rd  Floor, 
Atlanta,  GA  30339,  Attn:  Donna 
Perlmutter. 


Seeking  qualified  applicants  for 
the  following  positions  in  Or¬ 
lando,  FL:  Senior  Programmer 
Analyst.  Devise  or  modify  pro¬ 
cedures  or  perform  systems/ 
applications  testing  to  solve 
complex  problems  considering 
computer  equipment  capacity, 
limitations,  operating  time  and 
form  of  desired  results.  Re¬ 
quirements:  Bachelor's  degree* 
in  computer  science,  MIS,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  sys¬ 
tems/applications  development 
and/or  testing.  Experience  with 
Unix  and  SQL  also  required. 
“Master’s  degree  in  appropriate 
field  will  offset  2  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Sibi  George,  FedEx  Corpor¬ 
ate  Services,  1900  Summit  Tow¬ 
er  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


IT  Education  &  Training  Directory 


Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


To  place  your  ad  please  call  800-762-2977 


CBT  Nuggets 

(888)  507-6283  &  (541 )  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 


Transcender 

(615)  726-8779 
www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


NW040202EAV/MKV  3 


Computerworld  ♦  InfoWorld 


Network  World  •  February  2,  2004 


Netwc 


2/2/04 


M  Sales  Offices 


Caro)  Laskor,  Associate  Publisher/Vice  President 
JacwWeissman,  Sales  Operations  Coordinator 
Internet:  clasker,  jweissman@nww.com 
(508)  460-3333/FAX:  (508)  460-1287 


New  York/Mew  Jersey 

'  Tom  Daws,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 


Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Internet:  dpomponi@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 


Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 


Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Sales  Manager 
Miles  Dennison,  Regional  Sales  Manager 
Courtney  Coughlin,  Regional  Sales  Manager 
Maricar  Lagura,  Office  Manager/Sales  Assistant 
Teri  Lowe,  Sales  Assistant 

Internet:  skupiec,  kwilde,  mdennison,  ccoughlin,  mlagura, 
tlowe@nww.com 

(510)  768-2800/FAX:  (510)  768-2801  

Southwest/Rockies 

Becky  Bogart  Randell,  Regional  Sales  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857  

Southeast 

Don  Seay,  Regional  Sales  Manager 
Internet:  dseay@nww.com 

(404)  845-2886/FAX:  (404)  250-1646  _ 

Customer  Access  Group 

Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 
Manager,  Customer  Access  Group 
Shaun  Budka,  Director,  Customer  Access  Group 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Internet:  tdavis,  sbudka,  kzinn@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 
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Fusion 

Alonna  Doucette,  Vice  President  Online  Development 

James  Kalbach,  Director,  Online  Services 

Scott  Buckler,  West  Coast  Regional  Sales  Manager 

Stephanie  Gutierrez,  Online  Account  Manager 

Debbie  Lovell,  District  Sales  Manager 

Kristin  Douglas,  Online  Operations  Manager 

Lisa  Thompson,  Online  Ad  Traffic  Coordinator 

Internet:  adoucette,  jkalbach,  sbuckler,  sgutierrez,  dlovell, 

kdouglas,  lthompson@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Jayson  Cooper,  Director  of  Marketplace  Advertising 

Enku  Gubaie,  Senior  Account  Manager 

Caitlin  Horgan,  Account  Manager 

Jennifer  Moberg,  Account  Manager 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  jcooper,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Vice  President,  Nancy  Percival,  Western  Regional  Manager, 
Caroline  Garcia,  Central  Regional  Manager,  Laura  Wilkinson, 
Central/Westem  Account  Executive,  Mark  Dawson,  Eastern 
Regional  Manager,  Jay  Saveli,  Eastern  Account  Executive, 
DanielleTetreault,  Sales/Marketing  Associate,  Joanna 
Schumann 

(800)  762-2977/FAX:  (508)  875-6310 


www.nwfusion.com 
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MARKETING 
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IDG 

J.  McGovern,  I  ihairman  of  the  Board 
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'Ork  World  is  a  publication  of  IDG.  the  world's  largest 
lisher  of  computer-related  information  and  the  leading 
I  provider  of  information  services  on  information  tech- 
igy,  IDG  publishes  over  275  computer  publications  in  75 
mtries.  Ninety  million  people  read  one  or  more  IDG  publi- 
each  month.  Network  World  contributes  to  the  IDG 
taws  Service,  offering  the  latest  on  domestic  and  interna¬ 
tional  computer  news. 
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publisher  does  not  assume  liability  for  errors  or  omissions. 
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SEMINARS  EVENTS 


Network  World  Seminars 
and  Events  are  one  and  two- 
day,  intensive  seminars  in 
cities  nationwide  covering 
the  latest  networking  technologies.  All  of  our  seminars  are 
also  available  for  customized  on-site  training.  For  complete 
and  immediate  information  on  our  current  seminar  offerings, 
call  a  seminar  representative  at  800-643-4668,  or  go  to 
www.nwfusion.com/seminars. 


iraoe 

World  by  ordering  reprints  of  your  editorial 
mentions.  Reprints  make  great  marketing 
materials  and  are  available  in  quantities  of 
500  and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399-1900  x129 
or  E-mail:  mshober®reprintbuyer.com 
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EMC 

continued  from  page  1 

are  trying  to  wed  everything  to¬ 
gether,  because  as  they  move  for¬ 
ward  the  lines  are  going  to  con¬ 
tinue  to  blur  between  what’s 
Clariion  and  what’s  Symmetrix,” 
says  Bob  Moore,  vice  president  of 
IT  for  telecom  provider  Paetec 
Communications  in  Fairport,  N.Y 
Moore’s  company  uses  Sym¬ 
metrix,  Clariion  and  Centera  gear. 

EMC  uses  many  of  the  same 
disk  drives  and  components  in  its 
Symmetrix  and  Clariion  arrays  to 
keep  costs  down  —  a  process 
EMC  calls  commonality. 

“We’ve  worked  very  hard  in 
going  to  commonality’ says  Dave 
Donatelli,  EMC’s  executive  vice 
president  of  storage  platforms 
operations. 

“We  ship  products  that  all  have 
the  same  disk  drives.  We  are  able 
to  use  a  fundamental  building 
block  and  leverage  that  across  all 
of  our  products,”  he  adds. 

EMC’s  NS600  network-attached 
storage  (NAS)  product  is  one  ex¬ 
ample  of  commonality  It  uses  the 
same  hardware  as  the  Clariion 


Hardware's  still  king 


More  online! 

At  Demo  2004  (Feb.  15-17),  you  can  find 
65  of  the  best  new  products,  top-tier 
media  reporting  on  every  idea  and  savvy 
venture  capitalists  weighing  every  opportu¬ 
nity.  Expertise  you  can  count  on. 
Technology  picks  you  can't  afford  to  miss. 
DocFinder:  9228 
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Despite  a  heightened  emphasis  on  software,  EMC’s 
hardware  business  continued  to  grow  in  2003. 

Revenue  (in  millions) 


Q1 

02 

03 

i  04 

Symmetrix 

$575 

$618 

$625 

$732 

Clariion 

$218 

$228 

$228 

$270 

Connectivity  products  (NAS 
wares  and  Connectrix  switches) 

$130 

$137 

$137 

$161 

Revenue  breakdown 

EMC’s  overall  fourth- 
quarter  revenue  of  $1.84 
billion  broke  down  this  way: 

Services  ^  Hardware 

24% - -  Hk-52% 

Software 

24% — - 


CX600,  with  unique  software 
added  that  lets  it  join  a  Sym¬ 
metrix  array  to  the  Ethernet  net¬ 
work,  he  says. 

Users  say  commonality  is  an  ad¬ 
vantage  when  it  comes  to  buying 
storage  gear. 

“For  instance,  if  you  buy  the 
higher-end  Clariion  unit,  it’s  up¬ 
gradeable  to  the  lower-end  Sym¬ 
metrix,”  Moore  says.  “If  you  are  a 
corporate  user,  it  gets  awfully 
costly  to  always  have  those  high- 
end  features  on  tap,  so  if  you  are 
rolling  out  a  small  deployment, 
you  can  technology-protect  your 
investment  by  upgrading  [from 
one  to  the  other] .” 

Other  vendors  have  been  slow 
to  adopt  similar  concepts.  HP  and 
IBM  do  not  use  the  same  drives  in 
their  high-end  and  midrange  stor¬ 
age  arrays. 

The  new  CX300  supports  a 
broader  family  of  non-Windows 
servers  such  as  Unix,  and  it  has 
SnapView  capability  —  some¬ 
thing  the  CX400,  CX500,  CX600 
and  CX700  already  have.  Snap- 
View  gives  users  accelerated 
backup  and  recovery  through 
economical,  disk-based  instant 
restorations. 

EMC  also  is  expected  to  unveil 
an  asynchronous  version  of  its 
data-mirroring  and  disaster-recov- 
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ery  package  MirrorView,  which  is 
expected  to  be  available  in  May 
“An  asynchronous  version  is 
essential  if  you  want  to  geo¬ 
graphically  distribute  your  disk 
arrays  for  business  continuity 
purposes,”  says  Kent  Smith,  presi¬ 
dent  of  Ipso,  a  business  systems 
integrator  in  Wayland,  Mass. 
“Without  it,  disk-write  speed  is 
significantly  degraded,  as  disk 
writes  must  be  confirmed  across 


the  WAN." 

EMC  also  will  launch  new 
application-specific  bundles  for 
its  Clariion  Navisphere  Manage¬ 
ment  Suite  with  customized  con¬ 
figurations  for  Microsoft  Ex¬ 
change  and  SQL  Server,  and  clus¬ 
ter-enablement  and  automated 
replication. 

Further,  the  Clariions  now  will 
be  SMI-S  enabled,  letting  them 
be  managed  by  any  Common  In¬ 


formation  Model-capable  stor¬ 
age  management  package. 

“SMI-S  increases  interoperability 
and  inter-manageability  across 
systems,”  Smith  says.“It  will  likely 
be  a  checklist  item  for  us  in  the 
next  six  to  12  months.” 

By  midyear  EMC  is  expected  to 
announce  a  new  family  of  NAS 
gateway  products  —  the  NS700G 
and  the  NS700  —  and  a  new  ver¬ 
sion  of  its  DART  NAS  operating 
system, sources  say. 

The  company  also  is  expected 
to  announce  performance  and 
reliability  enhancements  for  its 
Centera  storage  subsystem  for 
fixed  content  and  for  the  first 
time  an  API  that  lets  Centera  be 
connected  to  mainframe  servers. 
Two  new  low-end  Clariion  arrays 
—  the  CXI 00  and  CXI 50  —  also 
are  expected.  ■ 

Get  more  information  online. 
DocFinder:  9532 
I  www.nwfusion.com 


Oracle  previews  apps  suite, 
unveils  data  aggregation  tool 


■  BY  ANN  BEDNARZ 

Oracle  last  week  used  its  AppsWorld  event  in  San 
Diego  to  preview  the  next  release  of  its  business 
applications  suite  and  unveil  software  for  consoli¬ 
dating  customer  information.  The  two  announce¬ 
ments  signal  a  fresh  resolve  from  Oracle  to  integrate 
its  software  with  other  vendors’  wares. 

The  focus  of  E-Business  Suite  Hi. 10,  which  is  ex¬ 
pected  midyear,  is  on  integration.  Oracle  is  exposing 
hundreds  of  interfaces  as  Web  services  to  make  it 
easier  and  less  costly  for  companies  to  automate 
business  processes  that  span  Oracle  and  non-Oracle 
applications,  the  vendor  says. 

E-Business  Suite  Hi. 10  features  native  support  for 
interfaces  established  by  the  Open  Applications 
Group  (OAG),  which  defines  unifying  standards  for 
business  applications.  Specifically  the  suite  will  sup¬ 
port  more  than  150  OAG-defined  business  objects, 
such  as  a  purchase  order.  Oracle  also  is  expanding 
its  support  for  industry-specific  protocols,  such  as 
RosettaNet  for  high-tech  manufacturing  and  HL7  for 
healthcare,  in  Version  Hi. 10. 

A  new  integration  interface  repository  catalogs  the 
published  APIs  of  Oracle’s  E-Business  Suite  to  make 
it  easier  for  users  to  search  and  view  all  available 
interfaces.  Ties  to  Oracle’s  Application  Server  lOg 
allow  integration  with  third-party  applications  and 
business  partners,  such  as  suppliers  and  customers, 
Oracle  says. 

E-Business  Suite  1  li.10  also  features  new  industry- 
focused  functionality  targeting  businesses  in  con¬ 
struction,  engineering,  consumer-packaged  goods, 
government,  financial  services,  healthcare,  high-tech 
manufacturing,  professional  services  and  telecom, 
Oracle  says. 

For  the  pharmaceuticals  industry,  for  example, 
Oracle  added  features  for  clinical  trial  management 
and  data  analysis.  For  the  telecom  industry  Oracle 


added  provisioning  automation  functionality  and 
for  consumer  packaged  good  manufacturers  and 
suppliers,  it  added  radio  frequency  identification 
capabilities. 

Separately  Oracle  introduced  its  Customer  Data 
Hub,  a  product  designed  to  provide  a  single  view  of 
customer  information  contained  in  disparate  busi¬ 
ness  applications. 

Slated  to  be  released  with  Oracle  1  li. 10, Oracle 
Customer  Data  Hub  consolidates  customer  infor¬ 
mation  from  different  sources  into  one  repository 
that  ties  into  transactional  applications.  It  provides 
active  and  real-time  access  to  customer  data  with¬ 
out  the  need  to  move  data  between  transaction  sys¬ 
tems  and  a  data  warehouse,  Oracle  says. 

Customer  Data  Hub  has  three  components: 
Oracle’s  current  E-Business  data  model,  which 
forms  the  basis  of  the  hub  and  has  been  extended 
to  support  non-Oracle  applications;  Customers  On¬ 
line,  which  provides  a  user  interface  to  the  central 
data  repository  and  tools  for  consolidating,  updat¬ 
ing  and  managing  system  sources;  and  Data 
Librarian,  which  offers  consolidation  and  data 
quality  tools. 

The  Customer  Data  Hub  and  E-Business  Suite  are 
part  of  Oracle’s  vision  for  an  open,  standards-based 
platform,  which  it  calls  its  Information  Architecture. 

This  framework  is  aimed  at  improving  the  quality 
of  information,  applications  and  infrastructure, 
Oracle  says.  It’s  about  consolidating  data  from 
Oracle  and  non-Oracle  applications  and  providing 
a  consistent, enterprisewide  definition  of  customers, 
suppliers,  partners  and  employees. 

Oracle’s  Information  Architecture  strategy  is  the 
first  new  product  concept  from  Oracle  that  actually 
works  across  its  three  distinct  businesses  —  appli¬ 
cations,  databases/tools/infrastructure  and  services 
according  to  Bruce  Richardson,  senior  vice  presi¬ 
dent  at  AMR  Research.  ■ 
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continued  from  page  1 

to  have  to  bear  a  little  pain" 

SIP  proponents  say  such  interoperability 
problems  are  common  for  a  protocol  of 
SIP’s  size,  complexity  and  flexibility  The 
main  SIP  specification,  which  the  IETF  fin¬ 
alized  in  June  2002,  is  260  pages. The  IETF 
has  issued  an  additional  22  documents 
that  detail  SIP  features  and  extensions. 

To  help  improve  how  SIP  products  work 
together,  the  SIP  development  community 
is  hosting  its  14th  interoperability  testing 
event,  called  SIPit,  next  week  in  Cannes, 
France.  Sixty  vendors  are  expected  to  send 
engineers  to  the  SIPit  event,  which  will 
include  troubleshooting  in  such  areas  as 
device  registration,  user  authentication 
and  server  failover.  (The  SIPit  event  is 
closed  to  the  public  and  press,  and  no 
information  is  released  about  which  prod¬ 
ucts  fail  to  comply  with  the  standard.  SIPit 
officials  spoke  to  Network  World  about  the 
most  common  interoperability  problems.) 

Until  these  problems  are  fixed,  compa¬ 
nies  planning  to  deploy  SIP  should  allow 
extra  time  for  troubleshooting,  particularly 
if  they  plan  to  roll  out  SIP’s  more  advanced 
features,  experts  say 

“SIP  is  extremely  flexible,  but  anytime 
you  have  [a  protocol]  that’s  flexible,  you 
have  different  ways  of  interpreting  things 
or  doing  things,” says  Ken  Fischer,  principal 
architect  for  softswitch  services  at  Level  3 
Communications. 

Level  3  has  deployed  SIP  with  30  service 
providers  including  Qwest  and  SBC  since  it 
announced  a  VoIP  offering  in  September. 
The  IP  backbone  provider  says  interoper¬ 
ability  problems  are  adding  an  extra 
month  of  troubleshooting  to  each  of  its  SIP 
deployments,  which  are  taking  twice  as 
long  as  planned. 

“The  problems  are  all  minor  and  annoy¬ 
ing,  but  there’s  enough  of  them”  to  have 
business  implications,  Fischer  says.  “We 
haven’t  run  into  anything  where  we’ve  said 
this  will  take  six  months  to  fix  or  we’ll  never 
fix  this.  But  there  are  all  kinds  of  things 
where  we  have  to  get  three  engineers  into 
a  room  and  work  through  code. ...  On  the 
business  side,  if  it  adds  four  weeks  to  our 
schedule,  then  it’s  four  more  weeks 
between  a  sale  and  revenue.” 

Despite  the  delays,  Level  3  remains  com¬ 
mitted  to  SIP  and  says  it  is  the  best  tech¬ 
nology  on  the  horizon  to  bring  multimedia 
communications  to  the  Internet. 

“The  basic  call  control  functions  [of  SIP] 
work  pretty  well  out  of  the  box,  but  that’s 
not  why  SIP  was  invented.  It  was  invented 
for  the  new  services,"  Fischer  says.  “The 
good  news  is  that  people  have  wonderful 
ideas  about  new  services.  The  bad  news  is 
that  you  have  to  work  through  interoper¬ 
ability  problems  with  these  new  services.” 

Carriers  such  as  Level  3  are  experiencing 
the  pain  of  SIP  interoperability  problems 
Li  st  because  they  are  mixing  and  matching 
Moducts  from  multiple  vendors.  However, 
the  implications  of  the  SIP  interoperability 
problems  could  be  serious  for  the  dozens 
of  companies  such  as  IBM,  Reuters  and 


Monster.com  that  are  rolling  out  SIP-based 
VoIP  applications. 

Reuters  has  run  into  all  these  interoper¬ 
ability  problems  in  the  past  18  months  as  it 
has  deployed  a  SIP-based  instant-messag¬ 
ing  platform  for  the  financial  services 
industry  that  has  50,000  users  each  week. 
Reuters  uses  client  and  server  software 
from  Microsoft  for  its  SIP  applications. 

“SIP  is  a  session  protocol,  and  it’s  very 
close  to  the  application  layer]’  says  David 
Curie,  executive  vice  president  for  collabo¬ 
ration  services  at  Reuters.  “There’s  a  per¬ 
ception  that  SIP  will  be  as  plug-and-play  as 
TCP  or  [User  Datagram  Protocol]  or  IP  or 
HTTPBut  it’s  not  going  to  be  as  easy  as  that 
because  the  higher  you  go  in  the  network¬ 
ing  stack,  the  more  business  logic  you 
carry’ 

Gurle  says  Reuters  has  faced  challenges 
getting  its  SIP-based  application  to  inte¬ 
grate  with  non-SIP  networks  run  by  AOL 
and  Microsoft,  and  SIP-based  networks  that 
IBM  and  others  run.The  hardest  part  of  the 


process  is  translating  between  the  business 
logic  that  these  companies  have  built  into 
their  network  applications. 

“What  surprises  me  the  most  is  the  differ¬ 
ence  in  semantics,”  Gurle  says.  “It’s  like  two 
persons  trying  to  talk  about  the  same  thing 
but  doing  it  from  different  perspectives.  It’s 
the  business  logic  that  makes  the  integra¬ 
tion  harderl’ 

Gurle  says  it’s  easy  to  set  up  basic  SIP 
communications  across  diverse  network 
platforms  but  it  gets  much  harder  to  deploy 
complex  SIP-based  applications  such  as 
presence  and  IM. 

“There  are  a  few  things  that  SIP  knows 
how  to  do  well,  quickly  and  at  cheap 
cost,”  Gurle  says.  “But  there  are  growing 
pains  because  lots  of  people  want  to 
leverage  the  flexibility  of  SIRand  in  doing 
so  they  increase  the  difficulty  of  different 
implementations.” 

End-user  devices  that  don’t  comply  with 
the  SIP  specification  cause  most  of  the 
interoperability  problems. 

For  example,  several  SIP  phones  are  miss¬ 
ing  the  ability  to  deal  with  a  failed  device 
registration.  In  these  cases,  a  device  will 
register  what  it  considers  a  good  password, 
but  the  server  will  reject  that  password.The 
device  will  keep  trying  to  submit  the  pass¬ 


word,  and  the  server  will  keep  rejecting  it 
until  the  system  crashes. 

“There  are  several  SIP  devices  that  are 
made  to  look  like  voice  telephones  that 
have  this  problem,”  says  Robert  Sparks,  a 
principal  software  engineer  at  Dynamic- 
soft  and  coordinator  of  the  SIPit  interoper¬ 
ability  testing  event.  “These  systems  are 
being  deployed  enough  to  where  it’s  caus¬ 
ing  people  pain.” 

Another  problematic  area  is  SIP’s  digest 
authentication  mechanism,  which  requires 
two  round-trip  messages  to  be  sent  be¬ 
tween  the  end  user  and  the  server.  Some 
SIP  products  handle  authentication  in  one 
round-trip  message,  but  these  products  do 
not  comply  with  the  SIP  specification. 

“There  are  some  implementations  that 
haven’t  followed  the  specifications  and  do 
their  digest  calculations  wrong,”  Sparks 
says.“Down  the  road  the  SIP  authentication 
story  is  going  to  get . . .  better  because  we’re 
working  on  certificate-based  credentialing.” 

Problems  also  occur  when  end  users 


want  to  transfer  SIP  calls  outside  their  cor¬ 
porate  network.  Sometimes  these  call  trans¬ 
fers  don’t  work  because  of  firewalls  or  net¬ 
work  address  translators  at  the  edge  of  the 
two  networks  involved  in  the  call  transfer. 

“If  you’re  on  a  LAN  inside  your  company 
and  there  are  no  NATs  and  no  firewalls,  the 
call  transfer  experience  will  be  fine. But  you 
drop  in  a  NAT,  you  drop  in  a  firewall  or  you 
drop  in  a  policy  enforcement  mechanism, 
and  call  transfer  tends  to  fail,”  Sparks  says. 

The  IETF  is  working  on  two  companion 
protocols  —  dubbed  STUN  for  Simple  Trav¬ 
ersal  of  User  Datagram  Protocol  Through 
Network  Address  Translators,  and  GRUU  for 
Globally  Routable  User  Agent  Universal 
Resource  Indicator  —  that  will  address 
how  SIP  works  through  NATs  and  firewalls. 

“I  don’t  see  anything  here  that’s  a  real 
showstopper  for  SIP  but  there’s  hard  work 
to  be  done  on  the  NAT  problem,”  Sparks 
says.“The  IETF  working  groups  are  engaged 
in  that  work.” 

Interoperability  problems  also  crop  up 
when  SIP  vendors  fail  to  use  the  standard 
telephone  numbering  scheme,  known  as 
E164  numbers.  Vendors  are  supposed  to 
require  country  codes  first, then  area  codes 
and  seven-digit  numbers.  But  some  ven¬ 
dors  use  their  own  private  numbering 


plans,  which  causes  incompatibilities. 

Level  3  discovered  that  one  softswitch 
vendor  didn’t  follow  the  rule  of  placing  a  +1 
at  the  beginning  of  all  U.S.  calls.  This  error 
created  a  problem  because  calls  meant  for 
India  —  which  uses  a  91 1  country  code  — 
were  interpreted  as  emergency  calls. 

Also  alarming  is  that  the  SIP  mechanisms 
for  handling  server  failover  have  not  been 
implemented  universally  making  it  difficult 
for  failover  to  occur  across  different  sys¬ 
tems  or  networks.  Sparks  says  this  is  the 
most  critical  interoperability  problem  that 
SIP  faces  today 

Server  failover  “is  an  area  that  needs 
industrywide  attention, ’’Sparks says.“Things 
are  not  working  as  well  as  they  should.This 
has  to  do  with  scalability’ 

SIP  proponents  anticipate  several  devel¬ 
opments  this  year  that  will  improve  how 
SIP  products  interoperate. 

The  SIP  Forum  is  expected  to  release  at 
the  SIPit  event  a  set  of  interoperability  tests 
that  SIP  developers  and  buyers  can  use  to 


test  whether  a  particular  device  has  known 
interoperability  problems. 

In  addition,  the  IETFs  Session  Initiation 
Proposal  Investigation  working  group  is  de¬ 
veloping  a  so-called  torture  test  that  SIP 
product  developers  can  use  to  test  for  com¬ 
pliance  with  the  SIP  specification. The  test 
measures  how  well  a  SIP  system  can  han¬ 
dle  oddities  such  as  ultra-long  SIP  mes¬ 
sages  and  non-ASCII  characters.  The  test 
should  be  finalized  by  summer. 

By  year-end,  SIP  proponents  expect  the 
emergence  of  third-party  organizations 
that  will  certify  products  as  SlP-compli- 
ant.  ■ 
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Columbia  University  professor  Henning  Schulzrinne 
offers  advice  for  network  executives  planning  to 
purchase  SIP-based  applications. 
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Known  SIP  interoperability  problems 


Problem 

Device 

registration 

Digest 

authentication 

Firewall  traversal 

Server  failover 

Telephone 

numbering 

Description 

Some  servers  don’t 
handle  failed  registra¬ 
tions  correctly,  caus¬ 
ing  devices  to  continue 
trying  to  register  a 
password  until  the 
system  crashes. 

SIP  mandates  two 
messages  between 
device  and  server  for 
authentication,  but 
some  vendors  use 
one  message  to 
improve  efficiency. 

It's  difficult  for  SIP 
features  such  as  call 
transfer  to  work 
through  firewalls, 
NATs. 

Some  vendors 
haven't  deployed  SIP 
mechanisms  for 
server  failover. 

Some  vendors  use 
non-standard 
numbering  schemes. 

What’s 
being  done 

Vendors  are 
upgrading  products; 
SIP  specification  is 
being  clarified. 

Vendors  must  do 
authentication  in  two 
messages. 

IETF  is  working  on 
documents  that 
clarify  how  firewalls, 
NATs  handle  SIP 
calls. 

The  next  SIPit  event 
will  test  failover 
across  different  SIP 
products. 

Not  technically  a  SIP 
problem,  but  the 
National  Emergency 
Number  Association 
is  addressing. 

Feeling 
overwhelmed  by 
service  level 
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Premium  sponsors  of 
SLM  Solutions 


Computer  Associates' 


COMPCJWARE  f  ^  I 


/  iCansp 

V  Th»  Art  of  Sw>tc»  Mmgnwnt 


invent 


MERCURY  INTERACTIVE 


83  Remedy 

a  BMC  Software  company  9 


HMB 


VISUAL 


NETWORKS* 


Register  and  download  your  FREE  online  copy  of 

SLM  Solutions:  A  Buyer's  Guide. 

Choosing  an  ideal  product  or  service  for  Service  Level  Management  (SLM)  is  a  tough  challenge.  Products 
are  many  and  terminology  is  confusing.  Identifying  products  that  meet  your  requirements  can  be  a 
daunting  task.  SLM  Solutions:  A  Buyer’s  Guide,  now  in  its  second  edition,  has  answers  for  you — 
summarized  and  organized  as  a  single  resource. 

Written  by  the  internationally  recognized  authorities  on  SLM,  Rick  Sturm  and  Lisa  Erickson-Harris,  it 
contains  a  comprehensive  directory  of  SLM  products,  services  and  details  about  SLM  vendors  and  their 
solutions. This  book  also  offers  a  simplified  tutorial  about  SLM,  giving  insight  on  setting  up  an  SLM  program 
and  selecting  the  necessary  tools  to  succeed.  SLM  Solutions  is  a  must  for  anyone  who  is  serious  about 
SLM. 

Enterprise  Management  Associates  (EMA)  is  an  industry  analyst  firm  focused  specifically  on  management 
software  and  services.  With  a  reputation  of  being  a  leading  authority  on  SLM — and  drawing  upon  its  work 
with  IT  organizations,  service  providers  and  SLM  vendors — EMA  is  able  to  bring  you  this  authoritative 
guide. 


Download  your  free  copy  of  the  second  edition  of  A 
SLM  Solutions:  A  Buyer’s  Guide  at  http://www.slrh-infOior; 


ENTERPRISE  MAN  A  GEM  E  N  T 
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www.enterprisemanagement.com 
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Mark  Gibbs 


Blame  the  workman 


fter  my  rant  last  week  about 
pop-ups, -unders  and  -outs  and 
the  warning  about  the  coming 
wave  of  TV-style  Web  advertising,  you 
provided  some  interesting  feedback. 
The  reward  fund  I  had  proposed  (I 
put  up  the  first  $100)  for  the  first 
effective  utility  to  block  the  new  Web- 
based  TV-style  ads  has  risen  to  $425! 

A  couple  of  readers  suggested  that  if  we  unin¬ 
stalled  Windows  Media  Player  or  disabled  the  Micro¬ 
soft  Java  Virtual  Machine  we  would  solve  the  prob¬ 
lem  (Unicast,  the  TV-style  ad  technology  supplier, 
notes  that  the  lack  of  either  of  these  prevents  the  dis¬ 
play  of  ads). 

This  cannot  work  for  consumers  in  general  who 
would  be  hard-pressed  to  make  such  changes  with¬ 
out  Mr.  Catastrophe  paying  a  house  call.There  also 
are  those  people  who  need  either  or  both  of  those 
subsystems  for  an  application  they  use. 

Another  suggestion  included  adding  the  ad  serv¬ 
ing  companies  to  black  lists,  but  that  would  be  easily 
defeated  by  them  changing  their  domains  and/or 
their  IP  addresses.  Again,  no  cigar. 

This  is  going  to  need  some  code.  If  you  come  up 
with  something  and  want  to  get  in  the  running  for 
the  reward  money  the  software  must  be  freeware, 
must  not  contain  spyware  of  any  kind,  and  at  least 


80%  of  the  folks  putting  up  the  reward  money  must 
agree  the  software  does  what  it  is  supposed  to  do 
reliably  and  effectively  The  winner  will  most  definite¬ 
ly  be  going  for  the  glory  rather  than  the  riches. 

Reader  Mark  Heider  raised  as  a  side  issue  some¬ 
thing  that  reminded  me  of  a  topic  I  wanted  to  dis¬ 
cuss  a  few  months  ago  and  got  sidetracked  from.  He 
discussed  the  TV-style  ads  and  then  continued  with, 
“The  advertising  trend  that  1  currently  dislike  most  is 
the  Macromedia  Flash  advertisements,  which  are 
becoming  more  prevalent  on  weather  and  news 
sites  in  particular.The.se  ads  tend  to  be  bandwidth 
hogs  and  hijack  the  underlying  page  until  they  have 
finished.  There  appears  to  be  no  easy  way  to  disable 
these  without  causing  legitimate  uses  of  Macro¬ 
media  to  break  as  well.” 

1  couldn’t  agree  more,  but  what  bothers  me  is  how 
products  and  technologies  become  associated  with 
and  blamed  for  how  they  are  used  rather  than  who 
uses  them. 

A  good  example  of  this  was  the  release  last  August 
of  Volume  1  of  the  Columbia  Accident  Investigation 
Board’s  report  on  why  the  space  shuttle  crashed.The 
ship’s  foam  insulation  was  found  to  be  the  main 
cause  of  the  disaster  but  another  culprit  was  fin¬ 
gered:  Microsoft  PowerPoint. 

The  board  decided  that  NASA  had  become  too 
reliant  on  presenting  complex  information  via 


PowerPoint,  instead  of  by  means  of  traditional  ink- 
and-paper  technical  reports.The  smoking  gun  was  a 
confusing  PowerPoint  slide  concerning  an  assess¬ 
ment  of  possible  wing  damage  during  the  mission. 
You  can  see  the  slide  and  a  critique  of  it  by  the  leg¬ 
endary  Edward  Tufte  at  www.nwfusion.com,  Doc- 
Finder:  9531. 

The  board  announced  that  the  engineers  pre¬ 
sented  their  findings  in  a  slide  “so  crammed  with 
nested  bullet  points  and  irregular  short  forms  that  it 
was  nearly  impossible  to  untangle,”  and  went  on, “It  is 
easy  to  understand  how  a  senior  manager  might 
read  this  PowerPoint  slide  and  not  realize  that  it 
addresses  a  life-threatening  situation.” 

The  implication  was  that  foam  insulation  and 
PowerPoint  were  the  guilty  parties  and  never  mind 
that  the  engineers  did  a  shoddy  job  and  that  the 
NASA  risk  analysis  process  was  deeply  flawed.  My 
grandmother  had  a  saying  that  covers  this  rather 
nicely: ‘A  poor  workman  blames  his  tools.” 

While  we  persist  in  blaming  the  technology  or  its 
creators  rather  than  the  people  who  deploy  and  use 
it,  we  will  never  be  able  to  fix  the  things  we  know  to 
be  broken.That  is  as  true  in  the  world  of  online 
advertising  as  it  is  in  the  world  of  space  flight. 

Who  or  what  do  you  blame?  Tell  backspin@ 
gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Vote  “nay”  on  'Net  balloting 

Someone  has  to  put  a  stop  to  this 
Internet  voting  madness  before  its 
unholy  alliance  of  technological  arrogance,  greed  and  political  opportunism 
does  real  harm  to  our  democracy. 

And  you  —  the  Network  World  reader —  are  in  a  far  better  position  than 
most  to  help  steer  this  ship  away  from  that  iceberg.  You’re  a  concerned  citizen, 
a  voter  and  a  network  security  expert:  Get  on  the  horn  or  write  to  your  law¬ 
makers.  Tell  anyone  who  will  listen  that  Internet  balloting  —  at  least  for  any¬ 
thing  more  important  than  American  Idol  —  is  just  plain  nuts. 

You  don't  have  to  say  nuts.  Feel  free  to  be  more  polite. 

As  you  might  have  read,  a  panel  of  four  security  experts  recently  came  to 
just  that  conclusion  —  without  actually  saying  nuts  —  after  they  were  asked  to 
assess  the  Secure  Electronic  Registration  and  Voting  Experiment,  which  actu¬ 
ally  is  neither  secure  nor  an  experiment.  SERVE  is  the  Defense  Department's 
answer  to  making  voting  easier  than  mail-in  absentee  ballots  for  6  million  U.S. 
residents  —  mostly  military  personnel  —  living  abroad.  You  can  read  the  unam¬ 
biguously  damning  report  at  www.nwfusion.com,  DocFinder:  9537. 

The  bottom  line:  Any  Internet  voting  system  is  simply  too  vulnerable  to  attack 
and  manipulation  to  justify  deployment  at  any  time  in  the  foreseeable  future. 

Much  of  the  press  coverage  since  its  release  has  focused  on  whether  the  critics 
are  correct  in  their  assessment  that  SERVE  is  a  sieve  that  cannot  be  fixed. 

T  iO  truth  is  that  it  doesn’t  matter  —  for  at  least  two  reasons. 

First,  this  is  a  classic  case  of  perception  being  everything.  An  Internet-based 
voting  mechanism  could  be  as  secure  as  the  limits  of  human  ingenuity  allow, 
but  even  a  100%  bulletproof  system  —  presuming  such  a  thing  is  possible  — 
means  nothing  if  a  meaningful  chunk  of  the  public  lacks  faith  in  its  infallibility. 

The  public  will  lack  faith  . .  .  because  it  should  lack  faith. 


Those  who  argue  that  the  current  voting  system  has  its  own  flaws  that 
already  engender  suspicion  and  scandal  miss  the  point:  Adding  to  those  vul¬ 
nerabilities  and  doubts  —  especially  on  the  scale  that  Internet  voting  would 
bring  —  makes  no  sense  whatsoever  when  the  payoff  is  as  inconsequential  as 
incremental  convenience  for  voters. 

The  second  reason  that  all  the  debate  about  SERVE’s  security  doesn’t  matter 
is  that  its  sponsors  —  ostensibly  the  military,  but  more  widely  the  military’s 
political  overseers  —  insist  they  are  taking  this  baby  live  in  November  come 
hell  or  hackers.They  have  essentially  told  the  critics  that  their  concerns  aren’t 
worth  a  pile  of  chads,  which  is  odd  to  say  the  least  because  it  was  SERVE’s 
sponsors  who  asked  the  security  experts  for  their  opinions. 

The  arrogance  is  utterly  astounding  given  what’s  known  about  the  Internet 
and  what  is  at  stake  if  SERVE’s  security  is  breached. 

As  you  can  probably  gather,  this  headlong  rush  into  online  voting  —  damn  the 
consequences  —  makes  my  blood  boil  in  a  way  that  few  other  issues  do.  And 
that’s  not  a  good  thing  for  me  these  days  . . .  read  on. 

So  here's  where  I've  been 

They  were  the  second-most-shocking  words  I’d  ever  heard  from  a  medical 
professional:  “You're  having  a  heart  attack.” 

(The  first?  . . .  "You’re  having  triplets.") 

Minor  heart  attack  is  an  oxymoron,  of  course,  yet  mine  four  days  before 
Christmas  was  thankfully  on  the  less-damaging  end  of  the  scale.  A  stent,  an 
unappealing  diet  and  a  newfound  commitment  to  daily  exercise  are  the  most 
prominent  aftereffects. 

It's  nice  to  be  back  ...  oh,  yeah,  it's  nice  to  be  back. 

Thanks  to  those  of  you  who  sent  words  of  encouragement . . .  and  to  the  incom¬ 
parable  Adam  Gaffin  for  keeping  the  seat  warm  with  his  Compendium.  My  address 
remains  buzz@nww.com. 


The  new  HP  ProLiant  DL140,  powered  by  the  Intel  Xeon™  processor,  delivers  the  expandable  performance  your  workload 

demands.  Now  you  can  get  the  ProLiant  reliability  you  expect  at  a  price  you  might  not— and,  through  February  29,  you'll  get  double  the  memory  for  free.  HP's  newest 
server  is  designed  with  the  latest  industry-standard  technologies  to  keep  it  affordable,  easy  to  set  up,  integrate  and  maintain.  The  reliable,  hardworking  DL140  helps  you 


spend  more  time  focusing  on  your  business  and  less  time  serving  your  server.  Demand  more  of  what  you  need.  Demand  a  server  that's  powerfully  simple  and  HP 
dependable.  Demand  it  for  less  from  HP. 


HP  ProLiant  DL140 
SERVER 

with  Free  Double  Memory 

$1,149 

One  Intel®  Xeon™  processor  2.40GHz 
(upgradable  to  2) 

1 GB  SDRAM  for  the  price  of  5 1 2MB 
(upgradable  to  4GB) 

80GB  ATA  Hard  Drive* 

Integrated  Dual  10/100/1000  NICs 
One  PCI-X  64-bit/l  33MHz  slot 
Standard  Quick  Deployment  Rails 
1-Year  Limited  Global  Warrantyt 


m 

invent 


To  find  out  more,  visit  www.hp.com/go/hp5  or  call  1-800-888-5814. 


I  Offer  available  when  bought  direct  from  HP  or  from  participating  authorized  resellers  Prices  shown  are  HP  direct  prices;  reseller  and  retailer  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  taxes  or  shipping  to  recipient's  destination.  HP  is  not  liable  tor  editorial,  p.  t-  w 
typographical  errors  m  this  advertisement  Photography  may  not  accurately  represent  exact  configurations  priced.  Otters  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  last.  Limited  order  quantities.  Promotions  void  where  prohibited  or  restricted  by  law  'For  hard  drives.  GB=bitlion  C  tec  Certcr  . 
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Cut  router 
costs  in  half 


compromising 


The  NetVanta'  3000  Series  fromBTRAIT. 


Dare  to  Compare! 

NetVanta 

3305 

Industry-Leading 

Brand 

Dual  Network  Interfaces 

✓ 

$$$ 

Dual  Ethernet  Interfaces 

✓ 

$$$ 

Stateful  Inspection  Firewall 

✓ 

$$$ 

Command  Line  Interface  (CLI) 

✓ 

✓ 

Quality  of  Service  (QoS) 

✓ 

✓ 

VLAN  Trunking 

✓ 

✓ 

Virtual  Private  Networking  (VPN) 

s 

$$$ 

Dial  Backup 

$ 

$$$ 

PBX  Connectivity 

$ 

$$$$$ 

Unlimited  Telephone  Support 

✓ 

sss 

Free  Maintenance  Releases 

✓ 

Not  Available 

Warranty 

5  Year 

1  Year 

Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Using  a  NetVanta  3000  router,  you  can  outfit  a  remote 
location  with  complete  T1  voice  and  data  communications 
for  50%  less  than  you’re  accustomed  to  paying.  Loaded 
with  standard  features,  and  available  with  very  reasonably 
priced  options,  the  NetVanta  3000  Series  is  everything  you 
need  in  a  router  and  more.  Lower  price  isn’t  the  result  of 
cutting  corners — it’s  the  result  of  smart  engineering. 
Engineering  that’s  backed  by  a  100%  satisfaction  guarantee 
from  ADTRAN,  including  unlimited  telephone  technical 
support  (before  and  after  the  sale), ./bee  maintenance  upgrades, 
and  a  full  five-year  warranty.  Try  a  NetVanta  3000  router 
today.  And  start  getting  more  out  of  your  router  dollar. 

Why  pay  more? 


Test  your  CLI  knowledge!  Receive  a  free  T-Shirt! 

www.adtran.  com/in  fo/wh  ypa  ymore 


877.767.6022  Technical  Questions 
877.280.8416  Where  to  Buy 


Experts  choose  ADTRAN!"  Adirati 


API  RAN  Inc.  AH  rights  reserved.  ADTRAN  and  NetVanta  are  trademarks  of  ADTRAN,  Inc. 
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